docs: nameless package.json pollutes lockfile with worktree dir name #96
Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned Files: None
Code Review
This pull request adds a new section to the dependency management documentation detailing how a nameless package.json can pollute the package-lock.json file when working within a git worktree. The review feedback suggests minor grammatical and formatting improvements, such as adding the missing preposition "on" and consistently using "git worktree" without a hyphen.



Summary
From a cross-session retrospective (2026-06-27): a recurring npm-in-a-worktree gotcha.
When package.json has no name field, npm install stamps the checkout directory name into package-lock.json as the root package name. In the git-worktree convention the checkout dir is branch-named (e.g. a Dependabot worktree like fix-dependabot-npm-uuid/) rather than the repo name, so every npm install rewrites the lockfile's name — producing a spurious diff a reviewer or CI flags. Fix: add an explicit name field to package.json. A plain clone (dir == repo name) masks the issue, which is why it surfaces specifically in worktree workflows.
Changes
skills/github-project/references/dependency-management.md — new "Nameless package.json Pollutes the Lockfile With the Worktree Dir Name" subsection under Troubleshooting Auto-merge (Problem/Cause/Solution, matching the existing house style). No new file; linked reference already enumerated in SKILL.md.
Notes
plugin.json and SKILL.md are already in sync at 2.15.3 and the parity check only enforces they match each other, not that they change for a docs/references edit.
🤖 Generated with Claude Code
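
A pre-merge check for the drift described in the summary above, as an added example that is not part of this pull request or the project's code. The function name `checkLockfileName`, the placeholder `example-repo`, and the assumption that the root name can sit both at the lockfile's top level and under `packages[""]` are mine; the sample inputs are constructed.

```javascript
// Added example: CI guard for the lockfile-name drift described above.
// Takes the raw text of package.json and package-lock.json plus the checkout
// directory name, and returns a list of findings (empty list = clean).
function checkLockfileName(pkgText, lockText, checkoutDir) {
  const pkg = JSON.parse(pkgText);
  const lock = JSON.parse(lockText);
  const findings = [];

  const declared =
    typeof pkg.name === "string" && pkg.name.trim() !== "" ? pkg.name : null;

  // Assumption: the root name may appear at the top level of the lockfile
  // and, in lockfile v2/v3, again under packages[""]; check whichever exist.
  const rootEntry = (lock.packages && lock.packages[""]) || {};
  const lockNames = [lock.name, rootEntry.name].filter(
    (n) => typeof n === "string"
  );

  if (declared === null) {
    findings.push("package.json has no name field");
    if (lockNames.includes(checkoutDir)) {
      findings.push(`lockfile name "${checkoutDir}" is the checkout directory name`);
    }
  } else {
    const stray = lockNames.find((n) => n !== declared);
    if (stray !== undefined) {
      findings.push(`lockfile name "${stray}" differs from package.json name "${declared}"`);
    }
  }
  return findings;
}

// Constructed sample inputs ("example-repo" is a placeholder name).
const namelessPkg = JSON.stringify({ private: true });
const pollutedLock = JSON.stringify({
  name: "fix-dependabot-npm-uuid",
  lockfileVersion: 3,
  packages: { "": {} },
});
const namedPkg = JSON.stringify({ name: "example-repo", private: true });
const cleanLock = JSON.stringify({
  name: "example-repo",
  lockfileVersion: 3,
  packages: { "": { name: "example-repo" } },
});

console.log(checkLockfileName(namelessPkg, pollutedLock, "fix-dependabot-npm-uuid"));
```

An empty result means the lockfile name is pinned by package.json and will not change with the checkout directory.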