-
Notifications
You must be signed in to change notification settings - Fork 28
npm 'optional' fights #197
Comments
Current ticket tracking this on npm side is https://npm.community/t/package-lock-json-keeps-changing-between-platforms-and-runs/1129 I think. |
Sorry for the slow reply on this one from me - I've been a bit rushed for the last couple of days. This one is tricky. There might be something that Dependabot can do in post-processing lockfiles to avoid the npm bug, but it's dangerous for us to meddle with the lockfile too much (in case we introduce our own bugs). I'm guessing there's a reason you're sticking to |
For me it was more like the lack of reason to use yarn, but I guess you have a point so I checked all the places I use npm and looks like I can just call yarn instead of npm everywhere (docker nodejs image & TravisCI), so the only cost is me installing brew so I can have yarn on macOS. Thanks! |
Same, we've not needed to change yet, but perhaps it's sensible to do so. |
@Floppy @prymitive just confirmed that this issue has been fixed in this pr: npm/cli#76 If I understand this issue correctly, once this lands in npm |
@feelepxyz superb! Thanks for the update :) |
This should now be fixed in You'll need to install the new version of npm to get consistent results from running npm install: The fix in npm: npm/cli@1342071 |
Fixes: https://npm.community/t/2569 Credit: @larsgw Reviewed-By: @iarna
@roopakv this is usually because of differing npm versions and should be fixed in the latest version, which version are you running locally and on ci? To install the latest version: |
@feelepxyz Yeah I thought that was the case and it seems like we are running the same version everywhere. (atleast my CI and engineers' local) the problem is from dependabot |
@feelepxyz any update here. We are seeing this happen more frequently now. |
@roopakv what version of |
@feelepxyz We use npm 6.13.6 everywhere. |
I've noticed that we get a lot of change in our
package-lock.json
files aroundoptional
settings for various packages (see https://github.com/apolitical/styleguide/pull/122/files for an example).I think it's caused by npm/npm#17722, which is that the file will be different if it's generated on MacOS or Linux, because of system dependencies of those packages.
We're a mixed-OS development team anyway, so we need to solve this for ourselves, but I wondered if you had any thought on somehow making Dependabot somehow ignore or respect the setting that's already in there.
/cc @huwd @Gisleburt @thethomaseffect
The text was updated successfully, but these errors were encountered: