Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

WIP feat: make lockfileVersion configurable #329

Closed
wants to merge 2 commits into from
Closed

WIP feat: make lockfileVersion configurable #329

wants to merge 2 commits into from

Conversation

isaacs
Copy link
Contributor

@isaacs isaacs commented Oct 4, 2021
edited
Loading

This will tell Arborist to save an appropriate lockfile based on
the version specified.

Version 3 = packages section only
Version 2 = packages and dependencies sections (default)
Version 1 = dependencies section only (legacy npm v6 support)

Re: npm/rfcs#434

  • Needs tests of lib/shrinkwrap.js
  • needs tests showing lockfileVersion option being respected in the lockfile that gets saved by reify(). (manual smoke testing says it's working, just need test to make sure it doesn't stop working someday.)
  • update the RFC to call the config lockfile-version to match the field in the actual lockfile (since it applies to both package-lock.json and npm-shrinkwrap.json equally).

References

@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from 5b74497 to 5a14631 Compare October 4, 2021 17:02
@isaacs isaacs mentioned this pull request Oct 6, 2021
Merged
ljharb
ljharb reviewed Oct 11, 2021
View reviewed changes
lib/shrinkwrap.js Show resolved Hide resolved
lib/shrinkwrap.js Outdated Show resolved Hide resolved
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from 3098028 to bc2d313 Compare October 12, 2021 14:48
@isaacs
feat: make lockfileVersion configurable
e840b85 
This will tell Arborist to save an appropriate lockfile based on
the version specified.

Version 3 = packages section only
Version 2 = packages and dependencies sections (default)
Version 1 = dependencies section only (legacy npm v6 support)

Re: npm/rfcs#434
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from bc2d313 to d38bab3 Compare October 12, 2021 14:57
@isaacs
feat: Do not implicitly downgrade lockfileVersion from 3 to 2
50deb0d 
If lockfileVersion is explicitly set to 3, and then later it is not
explicitly set, then we continue to use a version 3 lockfile.

If the lockfileVersion is explicitly set, we always use the version in
the options.

Also adds validation to the lockfileVersion config option, and cleans up
the logic in old/ancient lockfile inflation, so that we're not doing
that extra work if there just isn't a lockfile at all.

Finally, this also corrects a weird edge case where we were doing the
"inflate old lockfile" behavior when there is no lockfile present and we
load the initial idealTree state from the actualTree.  That would result
in adding integrity values for packages found present in the tree.
However, as we cannot be sure that `node_modules/foo` came from
`{registry}/foo`, this is an assertion we can't guarantee.  No one has
yet reported this obscure edge case as causing problems.
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from d38bab3 to 50deb0d Compare October 12, 2021 15:58
@isaacs isaacs closed this in c7f2370 Oct 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wraithgar wraithgar wraithgar left review comments

@ljharb ljharb ljharb left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@isaacs @wraithgar @ljharb