Update script not updating
-
@ankonaskiff17 yes… no one should ship a package-lock.json as part of their release
this is only used by testing systems to make sure the environment is exact
-
@sdetweil actually the opposite is true, everyone should ship a lock file with its repository to ensure you will get the exact same dependencies that were tested with and not something newer which can introduce issues.
But if you just run
npm install
npm will update the lock file. So the effect is like not shipping a lock file at all. Instead, you should use
npm ci
if there is a lock file: https://docs.npmjs.com/cli/v8/commands/npm-ci. This makes sure that you have exactly the same dependencies no matter if there is a newer version available.
-
@strawberry-3-141 however, not everyone runs the same platform as used during test, so all the parts change.
-
@sdetweil the hardware might be different but at least the code and dependencies are the same which increases the chances to reproduce and fix the issue
-
@strawberry-3-141 but that's not true
on intel I get one version
on arm (32bit) I get a different version
on arm (64bit) I get a different version
on aarch64 I get a different version
especially if there is a binary… and who knows what is buried under there
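
An added example, not part of the thread or of any project's code: it relates the `npm ci` post and the platform posts above by reading a lock file and reporting, for a given platform and CPU, which pinned entries would be installed, which are skipped by their `os`/`cpu` lists, which carry no `integrity` hash, and which run an install script. The lock file is a constructed sample in the `lockfileVersion` 3 layout; all package names, versions and hashes are placeholders, and `auditLock` and `allowed` are hypothetical helper names.

```javascript
// Constructed sample lock file; names, versions and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/left-lib": { version: "2.1.0", integrity: "sha512-PLACEHOLDER-A" },
    "node_modules/native-lib": { version: "4.0.2", integrity: "sha512-PLACEHOLDER-B", hasInstallScript: true },
    "node_modules/native-lib-linux-x64": { version: "4.0.2", integrity: "sha512-PLACEHOLDER-C", optional: true, os: ["linux"], cpu: ["x64"] },
    "node_modules/native-lib-linux-arm64": { version: "4.0.2", integrity: "sha512-PLACEHOLDER-D", optional: true, os: ["linux"], cpu: ["arm64"] },
    "node_modules/git-dep": { version: "0.3.0" }, // no integrity recorded
  },
};

// os/cpu lists: plain entries form an allow-list, "!value" entries a block-list.
function allowed(list, value) {
  if (!list || list.length === 0) return true;
  const blocked = list.filter((v) => v.startsWith("!")).map((v) => v.slice(1));
  const allow = list.filter((v) => !v.startsWith("!"));
  if (blocked.includes(value)) return false;
  return allow.length === 0 || allow.includes(value);
}

// Classify every locked entry for one target (values as in process.platform / process.arch).
function auditLock(lock, platform, arch) {
  const report = { installed: [], skipped: [], noIntegrity: [], installScripts: [] };
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry
    const id = `${path.split("node_modules/").pop()}@${pkg.version}`;
    if (!allowed(pkg.os, platform) || !allowed(pkg.cpu, arch)) {
      report.skipped.push(id); // pinned in the lock, but not installed on this target
      continue;
    }
    report.installed.push(id);
    if (!pkg.integrity) report.noIntegrity.push(id); // content not hash-verified
    if (pkg.hasInstallScript) report.installScripts.push(id); // may build or fetch a binary locally
  }
  return report;
}

const x64 = auditLock(sampleLock, "linux", "x64");
const arm = auditLock(sampleLock, "linux", "arm");
console.log({ x64, arm });
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.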