MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    Best practice 'package-lock.json' for modules

    Scheduled Pinned Locked Moved
    Development
    5
    18
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KristjanESPERANTOK
      KristjanESPERANTO Module Developer @sdetweil
      last edited by KristjanESPERANTO

      Why npm ci doesn’t help? It doesn’t change the package-lock.json.

      S 1 Reply Last reply Reply Quote 0
      • S
        sdetweil @KristjanESPERANTO
        last edited by

        @KristjanESPERANTO but something else will over the months. and we have to retrain all our users.

        Sam

        How to add modules

        learning how to use css

        KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
        • KristjanESPERANTOK
          KristjanESPERANTO Module Developer @sdetweil
          last edited by

          but something else will over the months.

          “something else” will change the package-lock.json? How can that happen?

          and we have to retrain all our users.

          This is certainly a considerable disadvantage compared to approach 1.

          S 1 Reply Last reply Reply Quote 0
          • S
            sdetweil @KristjanESPERANTO
            last edited by

            @KristjanESPERANTO said in Best practice 'package-lock.json' for modules:

            “something else” will change the package-lock.json? How can that happen?

            someone will forget to be in the modules folder and poof it happens at the root…

            Sam

            How to add modules

            learning how to use css

            JalibuJ 1 Reply Last reply Reply Quote 0
            • JalibuJ
              Jalibu Module Developer @sdetweil
              last edited by

              It is generally recommended best practice to check-in the package-lock.json for node modules.
              However, I in our case of MM-Modules the disadvantages clearly outweigh the expected advantages in my opinion.

              In my modules, it is therefore part of .gitignore

              KristjanESPERANTOK mumblebajM 2 Replies Last reply Reply Quote 1
              • KristjanESPERANTOK
                KristjanESPERANTO Module Developer @Jalibu
                last edited by

                @Jalibu I just wanted to point you to this conversation. Thanks for your feedback! :-)

                I’m thinking about adding a check for it to my project.

                1 Reply Last reply Reply Quote 0
                • mumblebajM
                  mumblebaj Module Developer @Jalibu
                  last edited by

                  My 2 cents worth.

                  @Jalibu I agree with your view.

                  It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

                  See npm documentation

                  @KristjanESPERANTO Personally I always add it to .gitignore along with node_modules folder.

                  Check out my modules at: https://github.com/mumblebaj?tab=repositories

                  S 1 Reply Last reply Reply Quote 1
                  • S
                    sdetweil @mumblebaj
                    last edited by

                    @mumblebaj right it’s good for teams and automated test. but not here.

                    os at different levels, architectures, node levels.

                    I test on Jetson nano, odroid the entire pi family, amd64, arm64, lots of different Linux OS es, virtual machines on amd and arm

                    package-lock is useless and an inhibitor.

                    modules should NEVER ship it.

                    Sam

                    How to add modules

                    learning how to use css

                    KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
                    • KristjanESPERANTOK
                      KristjanESPERANTO Module Developer @sdetweil
                      last edited by

                      Wouldn’t that also be a good idea for the core? It would probably make sense to use the same strategy for the core as for the modules.

                      @rejas @karsten13

                      S 2 Replies Last reply Reply Quote 0
                      • S
                        sdetweil @KristjanESPERANTO
                        last edited by

                        @KristjanESPERANTO well we use it to control the test platforms. but you can’t delete it for clone

                        Sam

                        How to add modules

                        learning how to use css

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 1 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy