fix(ci): lock file validation #4363

Merged
merged 1 commit into from
Feb 3, 2022

Contributor

@ruyadorno ruyadorno commented Feb 3, 2022

Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.

References

Fixes: #2701
Fixes: #3947
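
A simplified illustration of the kind of drift the description above is about, as an added example that is not part of this pull request or npm's code. It assumes a `lockfileVersion` 2 or 3 lock file (root package recorded under `packages[""]`), compares spec strings literally with no semver range matching, and uses a hypothetical function name `findLockDrift` and constructed sample data.

```javascript
// Added example, not npm's code: a simplified package.json vs lock file check.
// Assumes lockfileVersion 2 or 3: root package at packages[""], installed
// packages at packages["node_modules/<name>"]. Specs are compared as strings.
const FIELDS = ['dependencies', 'devDependencies']
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)

function findLockDrift (pkg, lock) {
  const errors = []
  const packages = lock.packages || {}
  const root = packages[''] || {}
  for (const field of FIELDS) {
    const declared = pkg[field] || {}
    const locked = root[field] || {}
    for (const [name, spec] of Object.entries(declared)) {
      if (!has(locked, name) || !has(packages, `node_modules/${name}`)) {
        errors.push(`Missing: ${name}@${spec} from lock file`)
      } else if (locked[name] !== spec) {
        errors.push(`Invalid: lock file has ${name}@${locked[name]}, ` +
          `package.json wants ${name}@${spec}`)
      }
    }
    for (const name of Object.keys(locked)) {
      if (!has(declared, name)) errors.push(`Extraneous: ${name} is in the lock file only`)
    }
  }
  return errors
}

// Constructed sample input (not taken from any real project).
const samplePkg = {
  dependencies: { 'left-pad': '^1.3.0' },
  devDependencies: { typescript: '^4.5.5', eslint: '^8.8.0' }
}
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': {
      dependencies: { 'left-pad': '^1.3.0', lodash: '^4.17.21' },
      devDependencies: { typescript: '^4.4.3' }
    },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/typescript': { version: '4.4.3', dev: true }
  }
}

const drift = findLockDrift(samplePkg, sampleLock)
if (drift.length) console.error(drift.join('\n'))
```

A CI job using a check like this should fail the build on a non-empty result instead of regenerating the lock file in place.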

@ruyadorno ruyadorno requested a review from a team as a code owner February 3, 2022 03:26
@ruyadorno ruyadorno added Release 8.x work is associated with a specific npm 8 release release: next These items should be addressed in the next release semver:patch semver patch level for changes labels Feb 3, 2022
@ruyadorno ruyadorno force-pushed the npm-ci-validate-inventories branch from 5319356 to 7a51d96 Compare February 3, 2022 03:34
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.

Fixes: npm#2701
Fixes: npm#3947
@ruyadorno ruyadorno force-pushed the npm-ci-validate-inventories branch from 7a51d96 to 2620447 Compare February 3, 2022 03:51
throw new Error(
'`npm ci` can only install packages when your package.json and ' +
'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
'update your lock file with `npm install` ' +
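Review bot: a lock file mismatch thrown as a plain `Error`, as in the `throw new Error(` line here, can only be recognised by callers and CI wrappers through its message text. If nothing outside the lines shown sets one, consider attaching a stable `code` property so the failure can be handled without string matching. The visible text also points users at `npm install`, which rewrites the lock file, so it would help for the message to say that the updated lock file should be reviewed and committed.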
Member

💯 having a path to resolution here explicitly laid out

Contributor Author

agreed! to be fair it's not my doing 😁 I'm just reinstating the message from v6:

https://github.com/npm/libcipm/blob/9ab1a620db485c137b1c89979c80beddf7e2da42/index.js#L172-L178

@ruyadorno ruyadorno merged commit 457e0ae into npm:release-next Feb 3, 2022
@ruyadorno ruyadorno mentioned this pull request Feb 3, 2022
wraithgar added a commit to wraithgar/react that referenced this pull request Feb 17, 2022
Invalid typescript version makes `npm ci` fail in the latest npm
npm/cli#4363

Merge conflict was introduced in
primer#1771
siddharthkp pushed a commit to primer/react that referenced this pull request Feb 17, 2022
Invalid typescript version makes `npm ci` fail in the latest npm
npm/cli#4363

Merge conflict was introduced in
#1771
das7pad commented Feb 21, 2022

Hi! Are there plans for back-porting this fix to npm@v7?
