Skip to content
This repository was archived by the owner on Jan 20, 2022. It is now read-only.

WIP feat: make lockfileVersion configurable#329

Closed
isaacs wants to merge 2 commits intomainfrom
isaacs/lockfile-version-config
Closed

WIP feat: make lockfileVersion configurable#329
isaacs wants to merge 2 commits intomainfrom
isaacs/lockfile-version-config

Conversation

@isaacs
Copy link
Copy Markdown
Contributor

@isaacs isaacs commented Oct 4, 2021
edited
Loading

This will tell Arborist to save an appropriate lockfile based on
the version specified.

Version 3 = packages section only
Version 2 = packages and dependencies sections (default)
Version 1 = dependencies section only (legacy npm v6 support)

Re: npm/rfcs#434

  • Needs tests of lib/shrinkwrap.js
  • needs tests showing lockfileVersion option being respected in the lockfile that gets saved by reify(). (manual smoke testing says it's working, just need test to make sure it doesn't stop working someday.)
  • update the RFC to call the config lockfile-version to match the field in the actual lockfile (since it applies to both package-lock.json and npm-shrinkwrap.json equally).

References

@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from 5b74497 to 5a14631 Compare October 4, 2021 17:02
@isaacs isaacs mentioned this pull request Oct 6, 2021
Merged
ljharb
ljharb reviewed Oct 11, 2021
View reviewed changes
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from 3098028 to bc2d313 Compare October 12, 2021 14:48
@isaacs
feat: make lockfileVersion configurable
e840b85 
This will tell Arborist to save an appropriate lockfile based on
the version specified.

Version 3 = packages section only
Version 2 = packages and dependencies sections (default)
Version 1 = dependencies section only (legacy npm v6 support)

Re: npm/rfcs#434
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from bc2d313 to d38bab3 Compare October 12, 2021 14:57
wraithgar
wraithgar reviewed Oct 12, 2021
View reviewed changes
wraithgar
wraithgar reviewed Oct 12, 2021
View reviewed changes
wraithgar
wraithgar reviewed Oct 12, 2021
View reviewed changes
@isaacs
feat: Do not implicitly downgrade lockfileVersion from 3 to 2
50deb0d 
If lockfileVersion is explicitly set to 3, and then later it is not
explicitly set, then we continue to use a version 3 lockfile.

If the lockfileVersion is explicitly set, we always use the version in
the options.

Also adds validation to the lockfileVersion config option, and cleans up
the logic in old/ancient lockfile inflation, so that we're not doing
that extra work if there just isn't a lockfile at all.

Finally, this also corrects a weird edge case where we were doing the
"inflate old lockfile" behavior when there is no lockfile present and we
load the initial idealTree state from the actualTree.  That would result
in adding integrity values for packages found present in the tree.
However, as we cannot be sure that `node_modules/foo` came from
`{registry}/foo`, this is an assertion we can't guarantee.  No one has
yet reported this obscure edge case as causing problems.
@isaacs isaacs force-pushed the isaacs/lockfile-version-config branch from d38bab3 to 50deb0d Compare October 12, 2021 15:58
@isaacs isaacs closed this in c7f2370 Oct 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@wraithgar wraithgar wraithgar left review comments

@ljharb ljharb ljharb left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@isaacs @wraithgar @ljharb