-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Framework: Avoid churn in npm-shrinkwrap.json #23348
Comments
Possible solutions:
|
https://codingwithspike.wordpress.com/2017/08/11/why-im-sticking-with-yarn/ |
Looks like this was all fixed in npm v5.6: http://blog.npmjs.org/post/167963735925/v560-2017-11-27 We can also take advantage of a new option for |
@samouri my between-the-lines read of that is that we also have to move to a |
We don't need to but it would be good to do. Since shrinkwrap and package-lock are the exact same file format, we could just rename the lock file once its created. |
Right now we do some post-processing on the shrinkwrap to let it work with the npm mirror we use when building prod images... We'll probably need to continue doing that? |
This is not relevant anymore since we move to |
Our
npm-shrinkwrap.json
which lists the exact versions of all of our dependencies has gotten a bit crazy. Here is a history of commits that changed this file with the number of lines added/removed in each commit:You can see that there is a lot of churn in this file recently. Some of it is related to intentional dependency changes, but there are also these changes of about 800 lines that flip back and forth fairly consistently.
On my computer, depending on how I update the lock file in
master
, I can get one of several different results:This file changes dramatically depending on who updates it, apparently depending on the OS and configuration they are using to develop Calypso. For example: the optional dependency
fsevents
is only installed on OS X, so my computer doesn't install it. Some history on this issue: #12370 (comment), #18767 (comment)But ideally, we just want a package lock file that ensures reliable builds in Docker and on the Calypso servers, so it shouldn't change across different kinds of machines or configurations. We also shouldn't be committing a lot of these spurious diffs to git.
I'm not sure the best way to fix or improve this, but seeing big
npm-shrinkwrap.json
diffs in PRs makes me a bit nervous.The text was updated successfully, but these errors were encountered: