MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    Best practice 'package-lock.json' for modules

    Scheduled Pinned Locked Moved Development
    18 Posts 5 Posters 7.4k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KristjanESPERANTOK Offline
      KristjanESPERANTO Module Developer @sdetweil
      last edited by KristjanESPERANTO

      Why npm ci doesn’t help? It doesn’t change the package-lock.json.

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        sdetweil @KristjanESPERANTO
        last edited by

        @KristjanESPERANTO but something else will over the months. and we have to retrain all our users.

        Sam

        How to add modules

        learning how to use browser developers window for css changes

        KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
        • KristjanESPERANTOK Offline
          KristjanESPERANTO Module Developer @sdetweil
          last edited by

          but something else will over the months.

          “something else” will change the package-lock.json? How can that happen?

          and we have to retrain all our users.

          This is certainly a considerable disadvantage compared to approach 1.

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            sdetweil @KristjanESPERANTO
            last edited by

            @KristjanESPERANTO said in Best practice 'package-lock.json' for modules:

            “something else” will change the package-lock.json? How can that happen?

            someone will forget to be in the modules folder and poof it happens at the root…

            Sam

            How to add modules

            learning how to use browser developers window for css changes

            JalibuJ 1 Reply Last reply Reply Quote 0
            • JalibuJ Offline
              Jalibu Module Developer @sdetweil
              last edited by

              It is generally recommended best practice to check-in the package-lock.json for node modules.
              However, I in our case of MM-Modules the disadvantages clearly outweigh the expected advantages in my opinion.

              In my modules, it is therefore part of .gitignore

              KristjanESPERANTOK mumblebajM 2 Replies Last reply Reply Quote 1
              • KristjanESPERANTOK Offline
                KristjanESPERANTO Module Developer @Jalibu
                last edited by

                @Jalibu I just wanted to point you to this conversation. Thanks for your feedback! :-)

                I’m thinking about adding a check for it to my project.

                1 Reply Last reply Reply Quote 0
                • mumblebajM Offline
                  mumblebaj Module Developer @Jalibu
                  last edited by

                  My 2 cents worth.

                  @Jalibu I agree with your view.

                  It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.

                  See npm documentation

                  @KristjanESPERANTO Personally I always add it to .gitignore along with node_modules folder.

                  Check out my modules at: https://github.com/mumblebaj?tab=repositories
                  Check my blog-post: https://mumblebaj.xyz/

                  S 1 Reply Last reply Reply Quote 1
                  • S Offline
                    sdetweil @mumblebaj
                    last edited by

                    @mumblebaj right it’s good for teams and automated test. but not here.

                    os at different levels, architectures, node levels.

                    I test on Jetson nano, odroid the entire pi family, amd64, arm64, lots of different Linux OS es, virtual machines on amd and arm

                    package-lock is useless and an inhibitor.

                    modules should NEVER ship it.

                    Sam

                    How to add modules

                    learning how to use browser developers window for css changes

                    KristjanESPERANTOK 1 Reply Last reply Reply Quote 0
                    • KristjanESPERANTOK Offline
                      KristjanESPERANTO Module Developer @sdetweil
                      last edited by

                      Wouldn’t that also be a good idea for the core? It would probably make sense to use the same strategy for the core as for the modules.

                      @rejas @karsten13

                      S 2 Replies Last reply Reply Quote 0
                      • S Offline
                        sdetweil @KristjanESPERANTO
                        last edited by

                        @KristjanESPERANTO well we use it to control the test platforms. but you can’t delete it for clone

                        Sam

                        How to add modules

                        learning how to use browser developers window for css changes

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 1 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy