docs: nameless package.json pollutes lockfile with worktree dir name #96

Merged: CybotTM merged 2 commits into main from feat/retro-npm-worktree-lockfile on Jun 27, 2026

@CybotTM (Member) commented Jun 27, 2026

Summary

From a cross-session retrospective (2026-06-27): a recurring npm-in-a-worktree gotcha.

When package.json has no name field, npm install stamps the checkout directory name into package-lock.json as the root package name. In the git-worktree convention the checkout dir is branch-named (e.g. a Dependabot worktree like fix-dependabot-npm-uuid/) rather than the repo name, so every npm install rewrites the lockfile's name — producing a spurious diff a reviewer or CI flags. Fix: add an explicit name field to package.json. A plain clone (dir == repo name) masks the issue, which is why it surfaces specifically in worktree workflows.

Changes

  • skills/github-project/references/dependency-management.md — new "Nameless package.json Pollutes the Lockfile With the Worktree Dir Name" subsection under Troubleshooting Auto-merge (Problem/Cause/Solution, matching the existing house style). No new file; linked reference already enumerated in SKILL.md.

Notes

  • No SKILL.md change — it sits at the ~500-word cap; this is references-only.
  • No version bump: plugin.json and SKILL.md are already in sync at 2.15.3 and the parity check only enforces they match each other, not that they change for a docs/references edit.
  • Local validation (pre-commit): markdownlint-cli2, check-version-parity, trailing-whitespace, end-of-file-fixer all Passed.

🤖 Generated with Claude Code

Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
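
The lockfile-name problem described in the summary above can be caught before review with a small consistency check. The following is an added example, not part of the pull request or the project's code; the function names, the `example-project` name and the sample objects are assumptions constructed for illustration, and only the worktree directory name is taken from the description.

```javascript
// Added example; function and sample names are hypothetical.
// Last path segment of the checkout directory (handles / and \ separators).
function checkoutDirName(dir) {
  return dir.replace(/[\\/]+$/, "").split(/[\\/]/).pop();
}

// pkg and lock are the parsed package.json and package-lock.json objects.
// Returns a list of findings; an empty list means the pair is consistent.
function checkLockfileName(pkg, lock, checkoutDir) {
  const findings = [];
  const dirName = checkoutDirName(checkoutDir);
  const declared =
    typeof pkg.name === "string" && pkg.name.trim() !== "" ? pkg.name : null;
  // Check both places a root name can appear: top level and packages[""].
  const root = lock.packages && lock.packages[""];
  const lockNames = [lock.name, root && root.name].filter(
    (n) => typeof n === "string"
  );

  if (declared === null) {
    findings.push("package.json has no name field");
    if (lockNames.includes(dirName)) {
      findings.push(`lockfile name "${dirName}" is the checkout directory name`);
    }
    return findings;
  }
  for (const n of lockNames) {
    if (n !== declared) {
      findings.push(`lockfile name "${n}" differs from package.json "${declared}"`);
    }
  }
  return findings;
}

// Constructed sample data, not taken from a real repository.
const worktree = "/work/trees/fix-dependabot-npm-uuid/";
const namelessPkg = { version: "1.0.0" };
const pollutedLock = {
  name: "fix-dependabot-npm-uuid",
  lockfileVersion: 3,
  packages: { "": { version: "1.0.0" } },
};
const namedPkg = { name: "example-project", version: "1.0.0" };
const cleanLock = {
  name: "example-project",
  lockfileVersion: 3,
  packages: { "": { name: "example-project", version: "1.0.0" } },
};

console.log(checkLockfileName(namelessPkg, pollutedLock, worktree));
console.log(checkLockfileName(namedPkg, cleanLock, worktree));
```

In a pre-commit hook or CI job, the two objects would come from parsing the repository's own `package.json` and `package-lock.json`, with a non-empty result failing the check.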
Copilot AI review requested due to automatic review settings June 27, 2026 11:24
@github-actions

Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions github-actions Bot added documentation Improvements or additions to documentation skill labels Jun 27, 2026

Copilot AI left a comment

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request adds a new section to the dependency management documentation detailing how a nameless package.json can pollute the package-lock.json file when working within a git worktree. The review feedback suggests minor grammatical and formatting improvements, such as adding the missing preposition "on" and consistently using "git worktree" without a hyphen.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread skills/github-project/references/dependency-management.md Outdated
Comment thread skills/github-project/references/dependency-management.md Outdated
Comment thread skills/github-project/references/dependency-management.md Outdated
Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
@CybotTM CybotTM merged commit df6bbb5 into main Jun 27, 2026
18 checks passed
@CybotTM CybotTM deleted the feat/retro-npm-worktree-lockfile branch June 27, 2026 12:24