erisu commented on pull request #570: URL: https://github.com/apache/cordova-cli/pull/570#issuecomment-995697177
Some points about the lock version is that it is an NPM thing, not Node.JS. People could have installed an older Node.js and installed the latest NPM with `npm i -g npm@latest`. The package-lock is a development file and never bundled with the production release package. About the version support, https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json#lockfileversion > Note that the file format changed significantly in npm v7 to track information that would have otherwise required looking in node_modules or the npm registry. Lockfiles generated by npm v7 will contain lockfileVersion: 2. > > No version provided: an "ancient" shrinkwrap file from a version of npm prior to npm v5. > > 1: The lockfile version used by npm v5 and v6. > 2: The lockfile version used by npm v7, which is backwards compatible to v1 lockfiles. > 3: The lockfile version used by npm v7, without backwards compatibility affordances. This is used for the hidden lockfile at node_modules/.package-lock.json, and will likely be used in a future version of npm, once support for npm v6 is no longer relevant. > > npm will always attempt to get whatever data it can out of a lockfile, even if it is not a version that it was designed to support. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
