Only add requiresBuild to an entry in the lockfile if we know the package needs to be built from info in the package manifest

[zkochan]

Contribution

• I'd be willing to implement this feature (contributing guide)

Describe the user story

We add the requiresBuild fields to the lockfile in order to be able to tell if a dependency needs to be built without reading the package.json file of the dependency. This is supposed to make installation faster with an up-to-date lockfile.

However, some packages don't have build scripts in package.json but still need to be built. We know they need to be built because they have specific build files in their tarball. If a package is optional, we don't download its tarball so we cannot know for sure if it should be built. That is why currently we set requiresBuild to true for all optional dependencies.

Describe the solution you'd like

Remove requiresBuild from the lockfile. Read the package.json file of the package to find out if it needs to be built. Add a requiresBuild field to the package's index file.

Describe the drawbacks of your solution

.

Describe alternatives you've considered

.