Make WordPress Core

Opened 6 years ago

Last modified 5 years ago

#45149 new defect (bug)

Configure NPM to save exact versions

Reported by: netweb's profile netweb Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords:
Focuses: Cc:


In #43055 and #GB2512 an .npmrc file was added to /trunk to Gutenberg to save npm package versions as exact versions in the package.json file.

This should also be performed for the 5.0 branch, this will ensure everyone is using the same p[ackage versions

Exact versions are ensured by configuring a project-level .npmrc with save-exact = true.

Using exact versions helps avoid avoid and reduce debugging cost of bugs by guaranteeing that two installations of Gutenberg WordPress are running the same dependency versions. It is typically recommendable for applications, whereas a library may want to allow some flexibility in the dependencies it supports (assuming trust in SemVer).

Note: Due to the complexity of the commits in #43055 I'm creating this ticket instead of reopening that ticket

Attachments (2)

45149.diff (5.6 KB) - added by netweb 6 years ago.
45149-lock.diff (3.1 KB) - added by netweb 6 years ago.

Download all attachments as: .zip

Change History (5)

6 years ago

6 years ago

#1 @netweb
6 years ago

Patch 45149.diff details:

  • There are 5 devDependencies versions that are bumped to the current latest which would match the previous semver constraint, under the assumption that this is what would currently be installed by a fresh clone anyways.
  • There are only some optional (see below) changes to the package-lock.json file as the existing versions are already used in the package-lock.json file

After applying the 45149.diff on my Mac and running npm install the package-lock.json changes are the inverse of the changes added in [43801]

These changes can be seen in the 45149-lock.diff file attached (do not commit this patch)

#2 @youknowriad
6 years ago

  • Milestone changed from 5.0 to Future Release

This needs to be updated and it doesn't feel very important for me for 5.0 RC. We have the package-lock.json. We can improve once ready.

#3 @pento
5 years ago

#45455 was marked as a duplicate.

Note: See TracTickets for help on using tickets.