#40938 closed task (blessed) (fixed)
Add npm `package-lock.json` for npm v5.x
Reported by: | netweb | Owned by: | netweb |
---|---|---|---|
Milestone: | 5.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Build/Test Tools | Keywords: | |
Focuses: | Cc: |
Description
npm v5 now by default generates a `package-lock.json` file
Some paraphrased notes from the announcement post: http://blog.npmjs.org/post/161081169345/v500
- `package-lock.json` and `npm-shrinkwrap.json` are aware of each other and happy to coexist
- package locks no longer exclude optionalDependencies that failed to build. This means `package-lock.json` and `npm-shrinkwrap.json` should now be cross-platform.
- Running npm while offline will no longer insist on retrying network requests. npm will now immediately fall back to cache if possible, or fail. npm's caching is vastly improved in npm 5
- On performance, NodeJS 6.9.1 and NPM 3.10.8 running `npm install` in tests took ~67.39 seconds on average; with NodeJS v7.10.0 and npm v5.0.0 this is halved to ~28.938 seconds on average; once npm modules are cached, reinstalling `node_modules` averages 23.091 seconds, just shy of a 3x speed boost
  - Detailed bbPress, BuddyPress, and WordPress performance tests can be seen in this spreadsheet
- The performance boost is comparable to that of Yarn, initial install 21.40 seconds, and subsequent installs 18.82 seconds, see #38603
Related: #38603 Explore adding Yarn and a `yarn.lock` file for NPM module management
Change History (8)
#3
@
7 years ago
- Keywords commit removed
- Milestone changed from 4.9 to Future Release
Punting for now, there's an intermittent issue with npm 5 and Travis CI cache, will re-milestone once that's resolved
#4
@
7 years ago
- Keywords needs-patch added
- Milestone changed from Future Release to 5.0
- Owner set to netweb
- Status changed from new to assigned
Once a few dependencies have been updated following WordPress' "build" server and this repo bumping Node.js to 8.9.3 for WordPress 5.0 let's commit both a `yarn.lock` and `package-lock.json` to the repo, users can choose their tool of choice.
Using the synp package should allow us to keep both lock files in sync programmatically.
#6
@
7 years ago
Perhaps for now we should add `package-lock.json` and even `yarn.lock` to svn ignore and gitignore. There is no point in producing "messy" diffs with warnings about unversioned files, and tripping up people that want to make a patch. They can be "unignored" easily when the time comes.
I'm also not so keen on using (yet another) package to keep these lock files synced. See the caveats section in the synp docs: https://www.npmjs.com/package/synp#caveats. Ideally we should stick to either `package-lock.json` or `yarn.lock` and ignore the other.
Via https://docs.npmjs.com/files/package-lock.json
With a switch to npm 5 as the minimum required version this would also eliminate the need to commit an `npm-shrinkwrap.json` file to each branch at release time, refer to #40928 / [40878] for 4.8 for example.
That said, bumping npm version requirements is for another ticket, possibly #35105 if it remains open long enough.
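The concern raised in the thread about keeping `package-lock.json` and `yarn.lock` in sync can be checked mechanically. The following is an added example, not code from this ticket, WordPress, or synp: it compares the versions pinned in a `package-lock.json` (the lockfileVersion 1 layout written by npm 5) with those in a v1 `yarn.lock` and reports packages whose locked versions differ. The function names and the sample lock-file contents are assumptions constructed for illustration.

```javascript
// Added example, not WordPress or synp code. Lock-file contents are constructed.
// name -> Set(versions) from a lockfileVersion 1 package-lock.json object,
// descending into nested "dependencies" (copies npm could not hoist).
function npmVersions(node, out = new Map()) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (!out.has(name)) out.set(name, new Set());
    out.get(name).add(dep.version);
    npmVersions(dep, out);
  }
  return out;
}

// name -> Set(versions) from yarn.lock v1 text. Entry headers are unindented,
// comma-separated "name@range" specs ending in ":"; "version" is indented by two.
function yarnVersions(text) {
  const out = new Map();
  let names = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      names = line.replace(/:\s*$/, '').split(',').map((s) => {
        const spec = s.trim().replace(/^"|"$/g, '');
        return spec.slice(0, spec.lastIndexOf('@')); // keeps a leading @scope
      });
      continue;
    }
    const m = /^  version "(.+)"$/.exec(line);
    for (const n of m ? names : []) {
      if (!out.has(n)) out.set(n, new Set());
      out.get(n).add(m[1]);
    }
  }
  return out;
}

// Packages whose sets of locked versions differ between the two files.
function lockDrift(npmLock, yarnText) {
  const a = npmVersions(npmLock), b = yarnVersions(yarnText);
  const list = (m, k) => [...(m.get(k) || [])].sort();
  return [...new Set([...a.keys(), ...b.keys()])].sort()
    .map((name) => ({ name, npm: list(a, name), yarn: list(b, name) }))
    .filter((d) => d.npm.join() !== d.yarn.join());
}

const SAMPLE_NPM = { lockfileVersion: 1, dependencies: {
  grunt: { version: '1.0.1', dependencies: { glob: { version: '7.0.6' } } },
  glob: { version: '7.1.2' }, '@scope/tool': { version: '2.0.0' } } };
const SAMPLE_YARN = '"@scope/tool@^2.0.0":\n  version "2.0.0"\n\nglob@^7.1.0:\n  version "7.1.2"\n\n' +
  'glob@~7.0.0:\n  version "7.0.6"\n\ngrunt@^1.0.1:\n  version "1.0.3"\n';
console.log(JSON.stringify(lockDrift(SAMPLE_NPM, SAMPLE_YARN)));
```

A non-empty result in CI means the two lock files would install different dependency trees depending on which tool a contributor uses.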