Opened 10 months ago

Last modified 7 months ago

#45149 new defect (bug)

Configure NPM to save exact versions

Reported by: netweb
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords:
Focuses:
Cc:

Description

In #43055 and #GB2512 a .npmrc file was added to /trunk and to Gutenberg to save npm package versions as exact versions in the package.json file.

This should also be performed for the 5.0 branch; this will ensure everyone is using the same package versions.

Exact versions are ensured by configuring a project-level .npmrc with save-exact = true.

Using exact versions helps avoid and reduce the debugging cost of bugs by guaranteeing that two installations of Gutenberg WordPress are running the same dependency versions. It is typically recommendable for applications, whereas a library may want to allow some flexibility in the dependencies it supports (assuming trust in SemVer).

Note: Due to the complexity of the commits in #43055 I'm creating this ticket instead of reopening that ticket.
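The check described in the ticket description can be automated. The following is an added example, not code from the ticket or from WordPress: it reads a project-level .npmrc for save-exact and lists every package.json specifier that is not an exact version. The function names and the sample package names are assumptions made for illustration.

```javascript
'use strict';

// Strict x.y.z with optional prerelease/build metadata; anything else
// (^, ~, >=, x-ranges, "*", dist-tags, git/file/URL specs) can drift.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Minimal .npmrc reader: "key = value" lines, ';' and '#' start comments.
function readNpmrc(text) {
  const config = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    config[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return config;
}

// Returns whether save-exact is on and every specifier that is not pinned.
function auditPinning(npmrcText, pkg) {
  const saveExact = readNpmrc(npmrcText)['save-exact'] === 'true';
  const unpinned = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(String(spec).trim())) unpinned.push({ section, name, spec });
    }
  }
  return { saveExact, unpinned };
}

// Constructed sample input (hypothetical names, not from the WordPress repo).
const sampleNpmrc = '; project-level config\nsave-exact = true\n';
const samplePkg = {
  dependencies: { 'pkg-a': '1.2.3' },
  devDependencies: {
    'pkg-b': '^2.0.0', 'pkg-c': '~0.4.1', 'pkg-d': '3.0.0-rc.1', 'pkg-e': 'latest',
  },
};

console.log(JSON.stringify(auditPinning(sampleNpmrc, samplePkg), null, 2));
```

save-exact only changes what npm writes when a dependency is saved, so ranges already present in package.json stay until they are rewritten. Transitive dependency versions are fixed by package-lock.json, not by this setting.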

Attachments (2)

45149.diff (5.6 KB) - added by netweb 10 months ago.
45149-lock.diff (3.1 KB) - added by netweb 10 months ago.

Change History (5)

#1 @netweb
10 months ago

Patch 45149.diff details:

  • There are 5 devDependencies versions that are bumped to the current latest which would match the previous semver constraint, under the assumption that this is what would currently be installed by a fresh clone anyways.
  • There are only some optional (see below) changes to the package-lock.json file, as the existing versions are already used in the package-lock.json file.

After applying the 45149.diff on my Mac and running npm install, the package-lock.json changes are the inverse of the changes added in [43801].

These changes can be seen in the 45149-lock.diff file attached (do not commit this patch).

#2 @youknowriad
9 months ago

  • Milestone changed from 5.0 to Future Release

This needs to be updated and it doesn't feel very important for me for 5.0 RC. We have the package-lock.json. We can improve once ready.

#3 @pento
7 months ago

#45455 was marked as a duplicate.
