MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    Best practice 'package-lock.json' for modules

    Scheduled Pinned Locked Moved Development
    18 Posts 5 Posters 6.6k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JalibuJ Offline
      Jalibu Module Developer @sdetweil
      last edited by

      It is generally recommended best practice to check-in the package-lock.json for node modules.
      However, I in our case of MM-Modules the disadvantages clearly outweigh the expected advantages in my opinion.

      In my modules, it is therefore part of .gitignore

      KristjanESPERANTOK mumblebajM 2 Replies Last reply Reply Quote 1
      • KristjanESPERANTOK Offline
        KristjanESPERANTO Module Developer @Jalibu
        last edited by

        @Jalibu I just wanted to point you to this conversation. Thanks for your feedback! :-)

        I’m thinking about adding a check for it to my project.

        1 Reply Last reply Reply Quote 0
        • mumblebajM Offline
          mumblebaj Module Developer @Jalibu
          last edited by

          My 2 cents worth.

          @Jalibu I agree with your view.

          It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

          See npm documentation

          @KristjanESPERANTO Personally I always add it to .gitignore along with node_modules folder.

          Check out my modules at: https://github.com/mumblebaj?tab=repositories
          Check my blog-post: https://mumblebaj.xyz/

          S 1 Reply Last reply Reply Quote 1
          • S Offline
            sdetweil @mumblebaj
            last edited by

            @mumblebaj right it’s good for teams and automated test. but not here.

            os at different levels, architectures, node levels.

            I test on Jetson nano, odroid the entire pi family, amd64, arm64, lots of different Linux OS es, virtual machines on amd and arm

            package-lock is useless and an inhibitor.

            modules should NEVER ship it.

            Sam

            How to add modules

            learning how to use browser developers window for css changes

            KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
            • KristjanESPERANTOK Offline
              KristjanESPERANTO Module Developer @sdetweil
              last edited by

              Wouldn’t that also be a good idea for the core? It would probably make sense to use the same strategy for the core as for the modules.

              @rejas @karsten13

              S 2 Replies Last reply Reply Quote 0
              • S Offline
                sdetweil @KristjanESPERANTO
                last edited by

                @KristjanESPERANTO well we use it to control the test platforms. but you can’t delete it for clone

                Sam

                How to add modules

                learning how to use browser developers window for css changes

                1 Reply Last reply Reply Quote 0
                • S Offline
                  sdetweil @KristjanESPERANTO
                  last edited by

                  @KristjanESPERANTO i just did an npm ci in a module folder with no package-lock.json and it complained that it required package-lock.json

                  pi@raspberrypi5:~/Documents/MagicMirror/modules/MMM-Soliscloud $ npm ci
                  npm ERR! code EUSAGE
                  npm ERR! 
                  npm ERR! The `npm ci` command can only install with an existing package-lock.json or
                  npm ERR! npm-shrinkwrap.json with lockfileVersion >= 1. Run an install with npm@5 or
                  npm ERR! later to generate a package-lock.json file, then try again.
                  npm ERR! 
                  

                  Sam

                  How to add modules

                  learning how to use browser developers window for css changes

                  KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
                  • KristjanESPERANTOK Offline
                    KristjanESPERANTO Module Developer @sdetweil
                    last edited by

                    That’s the point of npm ci it takes the package-lock.json to install and it don’t change it.

                    KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
                    • KristjanESPERANTOK Offline
                      KristjanESPERANTO Module Developer @KristjanESPERANTO
                      last edited by

                      well we use it to control the test platforms.

                      Can you show me where?

                      S karsten13K 2 Replies Last reply Reply Quote 0
                      • S Offline
                        sdetweil @KristjanESPERANTO
                        last edited by

                        @KristjanESPERANTO in the npm install on the different test instances. I don’t build those

                        these are effectively docker images, build and execute, throw away

                        Sam

                        How to add modules

                        learning how to use browser developers window for css changes

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 2 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy