Opened 6 years ago
Last modified 6 years ago
#45149 new defect (bug)
Configure NPM to save exact versions
Reported by: | netweb | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Build/Test Tools | Keywords: | |
Focuses: | Cc: |
Description
In #43055 and #GB2512 an .npmrc
file was added to /trunk
to Gutenberg to save npm package versions as exact versions in the package.json
file.
This should also be performed for the 5.0 branch, this will ensure everyone is using the same p[ackage versions
Exact versions are ensured by configuring a project-level
.npmrc
withsave-exact = true
.
Using exact versions helps avoid avoid and reduce debugging cost of bugs by guaranteeing that two installations of
GutenbergWordPress are running the same dependency versions. It is typically recommendable for applications, whereas a library may want to allow some flexibility in the dependencies it supports (assuming trust in SemVer).
Note: Due to the complexity of the commits in #43055 I'm creating this ticket instead of reopening that ticket
Patch 45149.diff details:
devDependencies
versions that are bumped to the current latest which would match the previous semver constraint, under the assumption that this is what would currently be installed by a fresh clone anyways.package-lock.json
file as the existing versions are already used in thepackage-lock.json
fileAfter applying the 45149.diff on my Mac and running
npm install
thepackage-lock.json
changes are the inverse of the changes added in [43801]These changes can be seen in the 45149-lock.diff file attached (do not commit this patch)