Closed Bug 1475504 Opened Last year Closed Last year
Don't change package-lock
.json when running 'npm install' due to Lint setup
46 bytes, text/x-phabricator-request
|Details | Review|
In mozilla-central, we've seen <topsrcdir>/package-lock.json being accidentally changed & landed multiple times. You can see this through the non-related commits in its history: https://hg.mozilla.org/mozilla-central/log/tip/package-lock.json We need package-lock.json, as it ties us to specific versions and helps us avoid incidents like the recent eslint-scope issue. It looks like we can prevent npm from doing package-lock.json changes by passing the `--no-package-lock` argument when we install automatically because ESLint requires it. That won't stop changes when people are doing `npm install` manually, but my hope is that's only a few people (and also only a low proportion with broken setups).
This prevents accidental changes to package-lock.json when ESLint's setup runs 'npm install'. Also revert the recent accidental changes to package-lock.json. MozReview-Commit-ID: 21ebhOlQcMv
Comment on attachment 8991840 [details] Bug 1475504 - Don't change package-lock.json when running 'npm install' due to Lint setup. Andrew Halberstadt [:ahal] has approved the revision. https://phabricator.services.mozilla.com/D2118
Attachment #8991840 - Flags: review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/d3585ee77bdc Don't change package-lock.json when running 'npm install' due to Lint setup. r=ahal
You need to log in before you can comment on or make changes to this bug.