Check for non-standard NPM registry in package-lock.json as a step in CI #2876
@datho7561 I just ran into this and opened this PR for a one-off removal: #3120. In terms of checking it, do you have any preferences for the approach? Do you want to be able to point to the line number or something like that? Or would a jq/grep powered check work? Something like:
Thanks for submitting the PR! I'll give it a review. For the CI step, I think a check using
Should make it possible for mere mortals like me to install packages :D Related to #2876.
Thanks for taking the time to fix this up! It should run as part of the verification job now.
Having references to the Red Hat internal npm repository in the package-lock.json prevents non-Red Hat developers from installing the vscode-java npm dependencies. As mentioned in #2874 (comment), npm will always use the configured repository to download packages, regardless of what's in the package-lock.json, although it will attempt to validate cached packages against what's in the package-lock.json.
It would be nice to check for the internal repo in package-lock.json as a part of the CI so that in the future we don't accidentally commit changes like this.
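One way to implement the check this issue asks for, as an added example that is not part of the thread or the project's CI. It assumes `registry.npmjs.org` is the only acceptable tarball host; the function names, the sample lockfile and the `npm.internal.example` host are constructed placeholders.

```javascript
// Added example. Assumption: the public npm registry is the only acceptable tarball host.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Hostname of an http(s) "resolved" URL; null for file:, git+ssh:, or a missing value.
function registryHost(resolved) {
  try {
    const url = new URL(resolved);
    return /^https?:$/.test(url.protocol) ? url.hostname : null;
  } catch { return null; }
}

function findNonStandardRegistries(lock, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const check = (name, entry) => {
    const host = registryHost(entry.resolved);
    if (host !== null && !allowed.has(host)) findings.push({ name, resolved: entry.resolved });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) check(path, entry);
  // lockfileVersion 1 and 2: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      check(prefix + name, entry);
      walk(entry.dependencies, prefix + name + " > ");
    }
  };
  walk(lock.dependencies, "");
  return findings;
}

// Constructed sample lockfile; "npm.internal.example" is a placeholder host.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/a": { version: "1.0.0", resolved: "https://registry.npmjs.org/a/-/a-1.0.0.tgz" },
    "node_modules/b": { version: "2.0.0", resolved: "https://npm.internal.example/b/-/b-2.0.0.tgz" },
  },
  dependencies: {
    a: { version: "1.0.0", resolved: "https://registry.npmjs.org/a/-/a-1.0.0.tgz",
         dependencies: { c: { version: "3.0.0", resolved: "https://npm.internal.example/c/-/c-3.0.0.tgz" } } },
  },
};

// CI entry point: when given a lockfile path, print findings and fail the job.
if (typeof process !== "undefined" && process.argv[2]) {
  import("node:fs").then((fs) => {
    const found = findNonStandardRegistries(JSON.parse(fs.readFileSync(process.argv[2], "utf8")));
    found.forEach((f) => console.error(`${f.name}: ${f.resolved}`));
    process.exitCode = found.length ? 1 : 0;
  });
}
```

Parsing the lockfile instead of grepping it reports the offending package path for each hit and covers both the `packages` and `dependencies` sections.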