Skip to content

chore: Removed package-lock.json #2208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 23, 2024
Merged

chore: Removed package-lock.json #2208

merged 2 commits into from
May 23, 2024

Conversation

@jsumners-nr
Copy link
Contributor

@jsumners-nr jsumners-nr commented May 22, 2024

As we discussed prior to stand-up on 2024-05-22, this PR removes the package-lock.json from this repo. Doing so provides:

  1. No more useless Dependabot updates that change items in the lock file: when people npm install newrelic, the lock file does not get consulted and thus none of the Dependabot changes have any affect on our customers.
  2. Easier detection of dependency updates in workflows. This will allows chore: Added updating of docs site with compat table #2205 to be updated in such a fashion that we can detect changes to dependency blocks in package.json so that test suites can be triggered or skipped accordingly. With the lock file in place, this sort of workflow detection will be very difficult.

jsumners-nr
jsumners-nr commented May 22, 2024
View reviewed changes
.github/workflows/release-creation.yml
run: |
# Install deps in caller repo
npm ci
npm install
Copy link
Contributor Author

@jsumners-nr jsumners-nr May 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only concern I have in this PR is this line. I do not expect any problem as npm install should still install all dependencies. The difference would be if a repo that is reusing this workflow has updates to package.json and not package-lock.json. In that case, npm ci would notice the discrepancy and generate an error. Whereas npm install will install the dependencies as noted by package.json.

@jsumners-nr jsumners-nr marked this pull request as ready for review May 22, 2024 21:11
bizob2828
bizob2828 requested changes May 23, 2024
View reviewed changes
Copy link
Member

@bizob2828 bizob2828 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should add package-lock.json to .gitignore to be safe. I know you set it in npmignore but wouldn't hurt.

@jsumners-nr
Copy link
Contributor Author

jsumners-nr commented May 23, 2024

I think we should add package-lock.json to .gitignore to be safe. I know you set it in npmignore but wouldn't hurt.

Good call. Done.

@jsumners-nr jsumners-nr requested a review from bizob2828 May 23, 2024 12:46
@jsumners-nr jsumners-nr merged commit b267695 into newrelic:main May 23, 2024
@jsumners-nr jsumners-nr deleted the no-lock branch May 23, 2024 13:01
@jsumners-nr jsumners-nr mentioned this pull request May 23, 2024
Merged
@github-actions github-actions bot mentioned this pull request May 29, 2024
Merged
This was referenced Jul 20, 2024
Closed
Closed
@3Y215 3Y215 mentioned this pull request Jul 30, 2024
Open
@k2xl k2xl mentioned this pull request Aug 2, 2024
Closed
@ZinxValkyria ZinxValkyria mentioned this pull request Aug 3, 2024
Open
This was referenced Aug 13, 2024
Closed
Closed
@coderisnot coderisnot mentioned this pull request Aug 17, 2024
Open
@Abhi9705 Abhi9705 mentioned this pull request Aug 21, 2024
Open
@PoojaPanchal12 PoojaPanchal12 mentioned this pull request Aug 31, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bizob2828 bizob2828 bizob2828 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Node.js Engineering Board
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jsumners-nr @bizob2828