MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    Best practice 'package-lock.json' for modules

    Scheduled Pinned Locked Moved
    Development
    5
    18
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mumblebajM
      mumblebaj Module Developer @Jalibu
      last edited by

      My 2 cents worth.

      @Jalibu I agree with your view.

      It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

      See npm documentation

      @KristjanESPERANTO Personally I always add it to .gitignore along with node_modules folder.

      Check out my modules at: https://github.com/mumblebaj?tab=repositories

      S 1 Reply Last reply Reply Quote 1
      • S
        sdetweil @mumblebaj
        last edited by

        @mumblebaj right it’s good for teams and automated test. but not here.

        os at different levels, architectures, node levels.

        I test on Jetson nano, odroid the entire pi family, amd64, arm64, lots of different Linux OS es, virtual machines on amd and arm

        package-lock is useless and an inhibitor.

        modules should NEVER ship it.

        Sam

        How to add modules

        learning how to use css

        KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
        • KristjanESPERANTOK
          KristjanESPERANTO Module Developer @sdetweil
          last edited by

          Wouldn’t that also be a good idea for the core? It would probably make sense to use the same strategy for the core as for the modules.

          @rejas @karsten13

          S 2 Replies Last reply Reply Quote 0
          • S
            sdetweil @KristjanESPERANTO
            last edited by

            @KristjanESPERANTO well we use it to control the test platforms. but you can’t delete it for clone

            Sam

            How to add modules

            learning how to use css

            1 Reply Last reply Reply Quote 0
            • S
              sdetweil @KristjanESPERANTO
              last edited by

              @KristjanESPERANTO i just did an npm ci in a module folder with no package-lock.json and it complained that it required package-lock.json

              pi@raspberrypi5:~/Documents/MagicMirror/modules/MMM-Soliscloud $ npm ci
npm ERR! code EUSAGE
npm ERR! 
npm ERR! The `npm ci` command can only install with an existing package-lock.json or
npm ERR! npm-shrinkwrap.json with lockfileVersion >= 1. Run an install with npm@5 or
npm ERR! later to generate a package-lock.json file, then try again.
npm ERR!

              Sam

              How to add modules

              learning how to use css

              KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
              • KristjanESPERANTOK
                KristjanESPERANTO Module Developer @sdetweil
                last edited by

                That’s the point of npm ci it takes the package-lock.json to install and it don’t change it.

                KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
                • KristjanESPERANTOK
                  KristjanESPERANTO Module Developer @KristjanESPERANTO
                  last edited by

                  well we use it to control the test platforms.

                  Can you show me where?

                  S karsten13K 2 Replies Last reply Reply Quote 0
                  • S
                    sdetweil @KristjanESPERANTO
                    last edited by

                    @KristjanESPERANTO in the npm install on the different test instances. I don’t build those

                    these are effectively docker images, build and execute, throw away

                    Sam

                    How to add modules

                    learning how to use css

                    1 Reply Last reply Reply Quote 0
                    • karsten13K
                      karsten13 @KristjanESPERANTO
                      last edited by

                      @KristjanESPERANTO said in Best practice 'package-lock.json' for modules:

                      Can you show me where?

                      we don’t use npm ci but I’m not sure what npm install does if package-lock.json is present.

                      I do the tests after building my docker images on my own and I always delete package-lock.json before running npm install to be sure getting the newest deps.

                      S 1 Reply Last reply Reply Quote 1
                      • S
                        sdetweil @karsten13
                        last edited by

                        @karsten13 package-lock is SUPPOSED to insure installing EXACTLY those versions every time

                        Sam

                        How to add modules

                        learning how to use css

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 2 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy