Opened on 10/11/2017 at 09:55:33 PM

Closed on 10/12/2017 at 01:26:32 PM

#5856 closed change (fixed)

Remove the package-lock.json file from buildtools

Reported by: tlucas Assignee: kzar
Priority: P2 Milestone:
Module: Automation Keywords:
Cc: sebastian, trev, kzar Blocked By:
Blocking: #5535 Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description (last modified by kzar)


npm install generates a package-lock.json, which was originally supposed the guarantee an equal environment wherever npm install was run. Unfortunately, it seems like (confirmed by Sebastian / Tristan) an upgrade of npm itself could result in a reordering of the package-lock.json, which causes hg update (called by to fail due to local modification.

What to change

  • Remove package-lock.json from the buildtools repository.
  • Pass the --no-package-lock argument when calling npm install to avoid it being regenerated.

Note: We deliberately avoid ignoring the file, since if the user inadvertently creates one (e.g. runs npm install) it should be explicit.

Attachments (0)

Change History (10)

comment:1 Changed on 10/11/2017 at 10:07:01 PM by sebastian

  • Description modified (diff)

I have a hunch that trev and/or kzar wouldn't be happy with this change. But FWIW, I wasn't happy with adding package-lock.json to the repository in the first place, and given the mess it is causing now, I'd second removing it.

comment:2 Changed on 10/11/2017 at 11:09:56 PM by sebastian

Before I knew that the messed up order in package-lock.json was caused by a difference in the npm version, I went ahead fixing the order (for newer versions of npm). However, now I noticed that this might not have been the best idea, as the build server might still rely on the old npm version. Furthermore, I found another issue with the webpack integration in buildtools. So I backed out the whole change for now, see ticket:5535#comment:39.

This issue can probably be closed as a duplicate of #5535, now, where we can address this before landing the webpack integration again.

Last edited on 10/11/2017 at 11:16:08 PM by sebastian

comment:3 Changed on 10/12/2017 at 12:10:03 AM by sebastian

  • Resolution set to duplicate
  • Status changed from new to closed

comment:4 Changed on 10/12/2017 at 11:00:38 AM by kzar

  • Blocking 5535 added
  • Description modified (diff)
  • Owner set to kzar
  • Priority changed from Unknown to P2
  • Ready set
  • Summary changed from Ignore package-lock.json when resolving Node.js dependencies to Remove the package-lock.json file from buildtools

Changing the way works relating to package-lock.json should IMO be a separate issues from switching over to use webpack. The file already existed in the repository after all. The fact that the package-lock.json file doesn't exist in the repoitory now is only because it was confusingly removed at the same time the webpack changes were reverted.

comment:5 Changed on 10/12/2017 at 11:00:58 AM by kzar

  • Resolution duplicate deleted
  • Status changed from closed to reopened

comment:6 Changed on 10/12/2017 at 11:12:00 AM by kzar

  • Description modified (diff)

comment:7 Changed on 10/12/2017 at 11:51:33 AM by kzar

  • Review URL(s) modified (diff)
  • Status changed from reopened to reviewing

comment:8 Changed on 10/12/2017 at 01:14:59 PM by kzar

  • Description modified (diff)

comment:9 Changed on 10/12/2017 at 01:23:16 PM by abpbot

A commit referencing this issue has landed:
Issue 5856 - Pass --no-package-lock argument to npm install

comment:10 Changed on 10/12/2017 at 01:26:32 PM by kzar

  • Resolution set to fixed
  • Status changed from reviewing to closed

Add Comment

Modify Ticket

Change Properties
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from kzar.
Note: See TracTickets for help on using tickets.