edu-client icon indicating copy to clipboard operation
edu-client copied to clipboard
verified publisher icon codeforcauseorg

package-lock.json changes on npm install

Open faisaljamil25 opened this issue 4 years ago • 1 comments

Describe the bug

This is encountered by many developers. This is actually not a bug but this is happening due to the different versions of npm developers are using and when they try to npm install, the lockfileVersion changes from 1 to 2, and therefore package-lock.json also changes.

Reason

In the recent version of npm i.e v7, a new Lockfile Format has been introduced to increase the performance. Reference

To Reproduce

Steps to reproduce the behavior:

  1. Upgrade npm to the latest version To upgrade on Linux: sudo npm install -g npm@latest To upgrade on Windows follow this link
  2. Pull the latest commits on your local Git repo
  3. npm install

Solution

Since the main repo is using lockfileVersion: 1 there could be two solutions:

  1. Mentors can merge a PR containing lockfileVersion: 2 or upgrade the npm version by themselves and then run npm install. As v2 is backward compatible this should not create bugs for developers using npm versions 5 or 6. See here

  2. As long as this issue is not solved, developers can run npm ci instead of npm install as it installs dependencies directly from package-lock.json so lockfileVersion would not get changed.

Any suggestions @KeenWarrior @kunal-kushwaha @Abhishek-kumar09

faisaljamil25 avatar Apr 10 '21 15:04 faisaljamil25

Will the change would be backward compatible? And Do you want to work on this issue

vasudevsinghal avatar Apr 15 '21 11:04 vasudevsinghal