Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to the v2 npm lockfile. #3783

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

jonathanKingston
Copy link
Contributor

This change just updates the lockfile to the version 2 which is backwards compatible with v1.

This simplifies updating dependencies, as otherwise the author will need to downgrade to <v7 npm.

@jginsburgn
Copy link
Member

Shouldn't there also be a change in package.json? Otherwise, how did you generate this PR?

@jonathanKingston
Copy link
Contributor Author

Shouldn't there also be a change in package.json? Otherwise, how did you generate this PR?

I wish, unfortunately this change just comes from having npm v7.0.0 or greater.

The one thing to note is that whilst it is backwards compatible you'll want to be using npm >7 onwards to generate otherwise this will come back. Fixing the npm version in the package.json is an option here and providing an .nvmrc for ease of use.

@devoto13
Copy link
Collaborator

I think we should hold off this a bit and migrate to the NPM 7+ as part of the next major release.

@jonathanKingston
Copy link
Contributor Author

SGTM thanks!

@jginsburgn
Copy link
Member

I think we should hold off this a bit and migrate to the NPM 7+ as part of the next major release.

If the change is backward compatible, why should we hold off for the next major release?

@devoto13
Copy link
Collaborator

My bad! I was certain that NPM 7 does not support Node 10, so that's why I wanted to postpone it. That's actually not the case, so let's consider this.

Caveat is that NPM 6 is the default version in Node prior to 15 and the development installation will fail with the updated lock file. IMO it's okey as the active LTS is Node 16 which comes with NPM 8 out of the box. With the older Node versions developers can also install newer npm with npm i -g npm@latest. I don't think we can provide a smooth transition and will have to choose whether to provide support for developers using NPM 6 or NPM 7+. I'm fine upgrading now, but let me know if you would prefer to postpone it @jginsburgn?

@devoto13 devoto13 reopened this Apr 14, 2022
@devoto13 devoto13 force-pushed the update-npm-lockfile-v2 branch from 5499915 to 2e11239 Compare April 14, 2022 17:10
@jginsburgn
Copy link
Member

My bad! I was certain that NPM 7 does not support Node 10, so that's why I wanted to postpone it. That's actually not the case, so let's consider this.

Caveat is that NPM 6 is the default version in Node prior to 15 and the development installation will fail with the updated lock file. IMO it's okey as the active LTS is Node 16 which comes with NPM 8 out of the box. With the older Node versions developers can also install newer npm with npm i -g npm@latest. I don't think we can provide a smooth transition and will have to choose whether to provide support for developers using NPM 6 or NPM 7+. I'm fine upgrading now, but let me know if you would prefer to postpone it @jginsburgn?

I think this raises a more general issue: establishing the minimum npm version supported.

@jginsburgn
Copy link
Member

@devoto13 how can you tell which is the default npm version for each Node.js and the lifecycle for each npm release?

@devoto13
Copy link
Collaborator

devoto13 commented Apr 25, 2022

@jginsburgn You can find the default npm version here: https://nodejs.org/en/download/releases/. I'm not sure if there is a particular npm version lifecycle defined.

I think this raises a more general issue: establishing the minimum npm version supported.

The problem is that we only want to enforce it for the karma developers, not karma users, so we can't set engines.npm constraint in the package.json. I think we primarily have two choices here:

  1. Migrate to NPM 7 now (potentially in a major release where we drop Node 10 and 12 and add Node 16 and Node 18) and ask developers staying on Node 14 (the only LTS version shipping with npm 6) to install npm 7+ manually.
  2. Migrate to NPM 7 in a year when the Node 14 goes EOL and all supported Node versions come with npm 7+.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants