Closed Bug 1475504 Opened Last year Closed Last year

Don't change package-lock.json when running 'npm install' due to Lint setup

Categories

(Firefox Build System :: Lint and Formatting, defect, P1)

defect

Tracking

(firefox63 fixed)

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: standard8, Assigned: standard8)

Details

Attachments

(1 file)

In mozilla-central, we've seen <topsrcdir>/package-lock.json being accidentally changed & landed multiple times. You can see this through the non-related commits in its history:

https://hg.mozilla.org/mozilla-central/log/tip/package-lock.json

We need package-lock.json, as it ties us to specific versions and helps us avoid incidents like the recent eslint-scope issue.

It looks like we can prevent npm from doing package-lock.json changes by passing the `--no-package-lock` argument when we install automatically because ESLint requires it.

That won't stop changes when people are doing `npm install` manually, but my hope is that's only a few people (and also only a low proportion with broken setups).
This prevents accidental changes to package-lock.json when ESLint's setup runs 'npm install'.

Also revert the recent accidental changes to package-lock.json.

MozReview-Commit-ID: 21ebhOlQcMv
Comment on attachment 8991840 [details]
Bug 1475504 - Don't change package-lock.json when running 'npm install' due to Lint setup.

Andrew Halberstadt [:ahal] has approved the revision.

https://phabricator.services.mozilla.com/D2118
Attachment #8991840 - Flags: review+
Pushed by mbanner@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d3585ee77bdc
Don't change package-lock.json when running 'npm install' due to Lint setup. r=ahal
https://hg.mozilla.org/mozilla-central/rev/d3585ee77bdc
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in before you can comment on or make changes to this bug.