fix: commit package-lock.json for reproducible installs #257

Merged: sagar1312 merged 1 commit into master from sagar1312-fix-commit-package-lock on May 29, 2026
@sagar1312 (Member) commented May 29, 2026

Summary

  • Remove package-lock.json from .gitignore and commit a freshly-generated lockfile so installs are reproducible across environments and npm audit can run against a known dependency tree.

Test plan

  • git ls-files | grep package-lock.json returns the file.
  • rm -rf node_modules && npm ci && npm test && npm run lint produces a green build.

Follow-ups (out of scope for this PR)

  • Switch CI from npm install to npm ci.
  • Add npm audit --audit-level=high as a non-blocking CI step initially.

Without a tracked lockfile, transitive dependency versions can drift
between installs and npm audit cannot run reliably. Remove the
.gitignore entry and commit a freshly-generated lockfile.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sagar1312 sagar1312 merged commit b04879f into master May 29, 2026
2 checks passed
@sagar1312 sagar1312 deleted the sagar1312-fix-commit-package-lock branch May 29, 2026 16:34
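
The kind of drift the PR description is guarding against can be checked offline once the lockfile is tracked. The following is an added example, not code from this PR or the project: a hypothetical `checkLockfile` helper that compares `package.json` with a `lockfileVersion` 2/3 lockfile and reports unlocked or unhashed dependencies. The package names, URLs and hashes are constructed.

```javascript
// Added example (not the project's code). All package data below is constructed.
function checkLockfile(pkg, lock) {
  const packages = lock.packages;
  if (!(lock.lockfileVersion >= 2) || !packages) {
    return ['lockfile has no "packages" map (lockfileVersion 2 or 3 expected)'];
  }
  const problems = [];
  const root = packages[''] || {};
  for (const field of ['dependencies', 'devDependencies']) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      // The lockfile root entry mirrors package.json; a mismatch means it is stale.
      if (locked[name] !== range) {
        problems.push(`${field}.${name}: package.json has "${range}", lockfile root has "${locked[name]}"`);
      }
      if (!packages[`node_modules/${name}`]) problems.push(`${name}: no locked version`);
    }
  }
  for (const [path, entry] of Object.entries(packages)) {
    // Root, workspace folders, symlinks and bundled deps carry no tarball hash.
    if (!path.includes('node_modules/') || entry.link || entry.inBundle) continue;
    if (!entry.version) problems.push(`${path}: no pinned version`);
    if (!entry.integrity) problems.push(`${path}: no integrity hash`);
  }
  return problems;
}

// Constructed sample: a package.json and the lockfile that matches it.
const samplePkg = {
  name: 'demo', version: '1.0.0',
  dependencies: { 'example-a': '^1.2.0' },
  devDependencies: { 'example-b': '^3.0.0' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0',
          dependencies: { 'example-a': '^1.2.0' },
          devDependencies: { 'example-b': '^3.0.0' } },
    'node_modules/example-a': { version: '1.2.4',
      resolved: 'https://registry.example/example-a-1.2.4.tgz', integrity: 'sha512-CONSTRUCTED-A' },
    'node_modules/example-b': { version: '3.0.1', dev: true,
      resolved: 'https://registry.example/example-b-3.0.1.tgz', integrity: 'sha512-CONSTRUCTED-B' },
  },
};

console.log(checkLockfile(samplePkg, sampleLock)); // empty list: lockfile matches
```

Git-sourced dependencies have no `integrity` field in a lockfile, so this check reports them as unhashed.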
@sd-buildbot

🎉 This PR is included in version 14.6.2 🎉

The release is available on:

Your semantic-release bot 📦🚀
