Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add package lock.json to VCS #7533 #8348

Closed
wants to merge 7 commits into from
Closed

Add package lock.json to VCS #7533 #8348

wants to merge 7 commits into from

Conversation

tshradheya
Copy link
Member

@tshradheya tshradheya commented Jan 24, 2018
edited

Fixes #7533

Outline of Solution

  1. Added package-lock.json to VCS after running npm install
  2. Updated doc to specify minimum Node.js version as 8.x

@tshradheya
Copy link
Member Author

Ready for Review

wkurniawan07
wkurniawan07 requested changes Jan 24, 2018
View reviewed changes
Copy link
Member

@wkurniawan07 wkurniawan07 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to update this document; mention that after npm install, there will be changes to the package-lock.json file that should be committed.

@wkurniawan07 wkurniawan07 self-assigned this Jan 24, 2018
@wkurniawan07 wkurniawan07 added the s.Ongoing The PR is being worked on by the author(s) label Jan 24, 2018
wkurniawan07
wkurniawan07 requested changes Jan 25, 2018
View reviewed changes
docs/dependencies.md Outdated
@@ -25,4 +25,4 @@ If a library cannot be found in the NPM registry, simply host a local copy in th
To update your local library configuration:

- For production dependencies, only if you are adding/updating the library, find the files from the library that are necessary to be loaded to webpages, and add/update the entry(ies) in `FrontEndLibrary.java`.
- For development dependencies, run `npm install` from the project root folder.
- For development dependencies, run `npm install` from the project root folder and this will make changes made to the `package-lock.json` file which should be commited.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rephrase a bit: "...from the project root folder. Additionally, if you are adding/updating the library, commit the changes made automatically to package-lock.json.".

Rationale: only if you're adding/updating the library then you will see the change.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated by making the following change:

  • Additionally, if you are adding/updating the any library, commit the changes made automatically to package-lock.json.

@wkurniawan07
Copy link
Member

@tshradheya For some reason my package-lock.json does not match yours. Instead of "bundled": true in about 100 places I have resolved and integrity fields. Can you check if deleting your package-lock.json and running npm install again still results in this copy of package-lock.json you committed?

@tshradheya
Copy link
Member Author

tshradheya commented Jan 26, 2018
edited

Figured out why such a problem was there.

Figuring out how to solve it

image

So the fsevents package is meant to be optional on systems other than mac and hence I get the above Warn everytime I run npm install.(Interesting discussion on whether it should be WARN or INFO :P )

The reason why I have "bundled" is probably because of "optional": true in fsevents, which doesnt allow sub modules to be processed. Because mac doesnt consider fsevents as optional, hence you might not have the "optional": true in your package-lock.json (Can confirm?)

This problem has been faced by many people (some even went to the extent of migrating to yarn :P ) and the workaround suggested doesn't feel right cause new developers might be confused.

The only way we can get package-lock.json to VCS is to get rid of the only optional dependecy(is this even possible? 😕 ) which is fsevents, otherwise we can avoid adding the package-lock.json file

@wkurniawan07
Copy link
Member

In that case I don't think it's suitable for package-lock.json to be version-controlled. @whipermr5 any further thoughts?

@tshradheya
Copy link
Member Author

tshradheya commented Jan 26, 2018
edited

Okay so researching about it a bit more, I realised that Node.js actually resolved this bug. Source

However to make sure, it works perfectly fine for Teammates, I am going to try on mac and not mac to see if package-lock.jsom keeps changing due to optional dependencies.
The solution will be to generate the package-lock file on mac system and check if on running npm install on other linux systems if the lock file gets updated or not( according to the bug fix it shouldn't) ( Our min requirement will then change to npm 5.6.0 which is automatically shipped with the latest Node.js 8.9.4)

Will probably need a day more to confirm everything and check if it is possible to commit it.

@wkurniawan07
Copy link
Member

Let's close this for now. Can reopen when the Node.js community at large agrees that this package-lock.json should be included, which does not seem to be the case right now.

@tshradheya tshradheya added s.OnHold The issue/PR's validity has been put on hold pending some other event and removed s.Ongoing The PR is being worked on by the author(s) labels Apr 1, 2018
@wkurniawan07 wkurniawan07 removed the s.OnHold The issue/PR's validity has been put on hold pending some other event label Nov 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wkurniawan07 wkurniawan07 wkurniawan07 requested changes

Assignees

@wkurniawan07 wkurniawan07

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tshradheya @wkurniawan07