New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NPM package has 01/01/1970 timestamps on uglify-js files (breaking build) #5022
Comments
Thanks @sokra. Why does Webpack depend on a version range, and not a specific version of uglify? As a relative newcomer to the Node ecosystem I don't understand why NPM packages seem to favour taking dependencies which are non-deterministic (default behaviour of npm install --save). This caused our deployment process to randomly break. Should Webpack not have deterministic dependencies? |
Package manager like npm and yarn ensure deterministic behavior for your app (using lockfiles). It's common practice to depend on version ranges. This way users can get updates (like bugfixes) of dependencies without waiting for a new webpack version. |
Commit your lockfile. |
Thank you for the advice; will do - I've been looking at Yarn recently. Hope it's agreeable to you for me to close this issue. |
Do you want to request a feature or report a bug?
Bug
What is the current behavior?
The current release of Webpack on NPM includes Uglify-js files with a timestamp of the Unix epoch (1970). This has caused our deployment to break. (Python ZIP does not support timestamps before 1980.)
If the current behavior is a bug, please provide the steps to reproduce.
mkdir webpack-uglify-datestamp-bug
cd webpack-uglify-datestamp-bug
npm init
npm i webpack -S
touch -t 200001010000 /tmp/timestamp
find . ! -newer /tmp/timestamp -printf '%Tc %p\n'
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/output.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/scope.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/ast.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/utils.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/transform.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/compress.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/sourcemap.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/mozilla-ast.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/parse.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/propmangle.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/LICENSE
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/README.md
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/node.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/domprops.json
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/exports.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/props.html
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/bin/uglifyjs
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/bin/extract-props.js
What is the expected behavior?
Correct, recent timestamps
If this is a feature request, what is motivation or use case for changing the behavior?
Please mention other relevant information such as the browser version, Node.js version, webpack version and Operating System.
Ubuntu 16.04 LTS
The text was updated successfully, but these errors were encountered: