+1 - everything that modernizes the tooling that can be used and actually uses its added functionality is a win.
2018-08-02 7:43 GMT+02:00 Chris Brody <chris.br...@gmail.com>: > Just raised https://issues.apache.org/jira/browse/CB-14248 > > Thanks for the helpful responses > On Thu, Aug 2, 2018 at 12:12 AM Shazron <shaz...@gmail.com> wrote: >> >> yes +1 >> On Thu, Aug 2, 2018 at 4:28 AM Chris Brody <chris.br...@gmail.com> wrote: >> > >> > I think we should start to commit package-lock.json in the next major >> > release but am not 100% sure. My understanding is that >> > package-lock.json mostly serves a couple major purposes: >> > * preserve the structure of node_modules cross-platform >> > * use SHA numbers to verify correct packages >> > >> > There seem to have been changes between npm@4 (??), npm@5, and npm@6, >> > as described in the following: >> > * https://github.com/npm/npm/issues/20434 (npm@5 vs npm@6) >> > * https://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html >> > >> > From what I read I think npm@5 & npm@6 would continue to follow the >> > semver rules for packages specified in package.json. >> > >> > Major advantages I can think of: >> > * better consistency for cross-platform development >> > * no need to regenerate package-lock.json for npm audit check >> > >> > But I can think of the following possible disadvantages to consider: >> > * not as easy to update dependencies, probably not possible to just >> > update dependencies by hand >> > * some additional "noise" in the git history, shouldn't be too bad though >> > * possibly major: in case people work on different dependency changes >> > in parallel and want to merge by git merge, rebase, or cherry-pick >> > dealing with the package-lock.json changes may not be so clean >> > >> > and a counter-point: >> > * >> > https://www.codementor.io/johnkennedy/get-rid-of-that-npm-package-lock-json-e0bj7ai42 >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> > For additional commands, e-mail: dev-h...@cordova.apache.org >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> For additional commands, e-mail: dev-h...@cordova.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > For additional commands, e-mail: dev-h...@cordova.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
