Opened 3 years ago

Closed 3 years ago

#5856 closed change (fixed)

Remove the package-lock.json file from buildtools

Reported by: tlucas Assignee: kzar
Priority: P2 Milestone:
Module: Automation Keywords:
Cc: sebastian, trev, kzar Blocked By:
Blocking: #5535 Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description (last modified by kzar)


npm install generates a package-lock.json, which was originally supposed the guarantee an equal environment wherever npm install was run. Unfortunately, it seems like (confirmed by Sebastian / Tristan) an upgrade of npm itself could result in a reordering of the package-lock.json, which causes hg update (called by to fail due to local modification.

What to change

  • Remove package-lock.json from the buildtools repository.
  • Pass the --no-package-lock argument when calling npm install to avoid it being regenerated.

Note: We deliberately avoid ignoring the file, since if the user inadvertently creates one (e.g. runs npm install) it should be explicit.

Change History (10)

comment:1 Changed 3 years ago by sebastian

  • Description modified (diff)

I have a hunch that trev and/or kzar wouldn't be happy with this change. But FWIW, I wasn't happy with adding package-lock.json to the repository in the first place, and given the mess it is causing now, I'd second removing it.

comment:2 Changed 3 years ago by sebastian

Before I knew that the messed up order in package-lock.json was caused by a difference in the npm version, I went ahead fixing the order (for newer versions of npm). However, now I noticed that this might not have been the best idea, as the build server might still rely on the old npm version. Furthermore, I found another issue with the webpack integration in buildtools. So I backed out the whole change for now, see ticket:5535#comment:39.

This issue can probably be closed as a duplicate of #5535, now, where we can address this before landing the webpack integration again.

Last edited 3 years ago by sebastian (previous) (diff)

comment:3 Changed 3 years ago by sebastian

  • Resolution set to duplicate
  • Status changed from new to closed

comment:4 Changed 3 years ago by kzar

  • Blocking 5535 added
  • Description modified (diff)
  • Owner set to kzar
  • Priority changed from Unknown to P2
  • Ready set
  • Summary changed from Ignore package-lock.json when resolving Node.js dependencies to Remove the package-lock.json file from buildtools

Changing the way works relating to package-lock.json should IMO be a separate issues from switching over to use webpack. The file already existed in the repository after all. The fact that the package-lock.json file doesn't exist in the repoitory now is only because it was confusingly removed at the same time the webpack changes were reverted.

comment:5 Changed 3 years ago by kzar

  • Resolution duplicate deleted
  • Status changed from closed to reopened

comment:6 Changed 3 years ago by kzar

  • Description modified (diff)

comment:7 Changed 3 years ago by kzar

  • Review URL(s) modified (diff)
  • Status changed from reopened to reviewing

comment:8 Changed 3 years ago by kzar

  • Description modified (diff)

comment:9 Changed 3 years ago by abpbot

A commit referencing this issue has landed:
Issue 5856 - Pass --no-package-lock argument to npm install

comment:10 Changed 3 years ago by kzar

  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.