Opened 6 years ago
Last modified 6 years ago
#45088 new defect (bug)
Update package-lock.json for Mac, Linux, and Windows cross-platform compatibility
Reported by: | azaozz | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | minor | Version: | |
Component: | Build/Test Tools | Keywords: | needs-patch |
Focuses: | Cc: |
Description
Doing a "clean" npm install
after #45064 on Windows 10 changed the package-lock.json a bit, adding a few "optional": true
.
Attachments (2)
Change History (11)
#3
@
6 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from 5.0 to Future Release
- Summary changed from Update package-lock.json to Update package-lock.json for Mac, Linux, and Windows cross-platform compatibility
tl;dr: If 45088.diff is committed the next Mac or Linux user will then generate a different package-lock.json
The issue is documented in:
Issue: https://github.com/npm/npm/issues/17722 package-lock.json and optional packages
Discussion: https://npm.community/t/package-lock-json-keeps-changing-between-platforms-and-runs/1129
Assume you have a 2 developers, one on mac, and one on linux. You use npm@5.1 (or v6.x) and your project depends on
chokidar
package. That package has optional dependency offsevents
, which is useful only for mac. So, you are on linux, and donpm i chokidar
. npm generatespackage-lock.json
withoutfsevents
, because it is useless on linux. You commit that generated file.
Your teammate pulls your changes, and does
npm i
, to getnode_modules
in sync withpackage-lock.json
. Npm installsfsevents
, and writes it topackage-lock.json
. What should mac user to do? commit that file?
Assume that mac user commits file. Linux user pulls it, and make
npm install
. Npm does not installfsevents
, and removes it frompackage-lock.json
. And this become annoying very quickly.
To confirm the above theory using the latest release Node.js v8.12.0 and npm 6.4.1 I applied 45088.diff on my Mac here locally and deleted the node_modules
folder, then running npm install
results in the package-lock.json
file being restored to the original state before 45088.diff was applied.
I'd love to have this fixed as we've had this ongoing issue for quite some time, see [39368], though until there's an upstream fix there's nothing much that can be done, as such I'm bumping this to future release
#4
follow-up:
↓ 5
@
6 years ago
When running npm install
on my Mac, I see lots of changes of http URLs to https in package-lock.json
. Is that happening for anyone else?
#5
in reply to:
↑ 4
@
6 years ago
Replying to swissspidy:
When running
npm install
on my Mac, I see lots of changes of http URLs to https inpackage-lock.json
. Is that happening for anyone else?
I've not seen this issue personally, taking a quick look inside the 5.0 branch package-lock.json
file;
"browserify-rsa": { "version": "4.0.1", "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz", "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=", "dev": true, "requires": { "bn.js": "^4.1.0", "randombytes": "^2.0.1" } }, "browserify-sign": { "version": "4.0.4", "resolved": "https://registry.npmjs.org/browserify-sign/-/browserify-sign-4.0.4.tgz", "integrity": "sha1-qk62jl17ZYuqa/alfmMMvXqT0pg=", "dev": true, "requires": {
I'm going to reopen #43075 for backporting to the 5.0 branch so that package.json
and packge-lock.json
files for both Core and Gutenberg use the same indentation, tabs, not spaces.
Whilst creating that patch I'll also update any http://
instances to https://
This seems "nice to have", happens every time after
npm install
on Win10. Adding here just in case, feel free to "wontfix" :)