Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always save package_lock.json when using --package-lock-only #146

Merged
merged 1 commit into from
Feb 18, 2019

Conversation

aeschright
Copy link
Contributor

No description provided.

@aeschright aeschright requested a review from a team as a code owner January 23, 2019 21:40
Copy link
Contributor

@ljharb ljharb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of throwing, is there some reason that --package-lock-only can't imply --package-lock?

@ljharb
Copy link
Contributor

ljharb commented Jan 23, 2019

My use case is:

  1. i always set package-lock=false in my .npmrc, because i don't believe non-apps should ever have lockfiles
  2. npm audit requires a lockfile
  3. i have scripts that do npm install --package-lock --package-lock-only in a script prior to running npm audit, to work around this omission
    and it'd be nice to avoid the seemingly redundant --package-lock :-)

@iarna
Copy link
Contributor

iarna commented Jan 23, 2019

Just implying package-lock doesn't seem outrageous, and as you're our biggest window into --no-package-lock users and you want this, I'm inclined to say that we should do that.

@ljharb
Copy link
Contributor

ljharb commented Jan 23, 2019

to be clear, i also think npm audit should be able to do these steps for me when there's no package-lock present, but either way i think --package-lock-only implying --package-lock makes sense :-)

Thanks!

@aeschright aeschright force-pushed the aeschright/package-lock-error branch from be9f550 to 88f1e1b Compare January 23, 2019 22:22
@aeschright
Copy link
Contributor Author

Makes sense to me!

@zkat zkat added semver:minor new backwards-compatible feature in-progress labels Jan 28, 2019
@aeschright aeschright force-pushed the aeschright/package-lock-error branch from 88f1e1b to b39a196 Compare February 7, 2019 20:44
@aeschright aeschright changed the title install: throw error when using --package-lock-only with package-lock: false always save package_lock.json when using --package-lock-only Feb 7, 2019
@aeschright aeschright changed the title always save package_lock.json when using --package-lock-only Always save package_lock.json when using --package-lock-only Feb 7, 2019
@zkat zkat removed the in-progress label Feb 11, 2019
@zkat zkat merged commit 2f74823 into release-next Feb 18, 2019
@zkat zkat deleted the aeschright/package-lock-error branch February 18, 2019 22:23
zkat pushed a commit that referenced this pull request Feb 18, 2019
@zkat zkat mentioned this pull request Feb 21, 2019
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
semver:minor new backwards-compatible feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants