all: audit use of npm install and pin versions in package.json #2010

Closed
hyangah opened this issue Jan 11, 2022 · 4 comments

@hyangah
Contributor

hyangah commented Jan 11, 2022

We ask devs to use npm ci for installing dependencies for development instead of npm install.
But in some places, we still do. Clean up documentation and scripts and remove use/mention of npm install.

If necessary, pin all the versions in package.json and work with only known good versions of dependencies.

@hyangah hyangah added this to the Unplanned milestone Jan 11, 2022
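
An added example, not part of the original issue or of the vscode-go repository: a small JavaScript audit of the two things this issue asks for, flagging direct dependencies in package.json that are not pinned to one exact version and finding `npm install` (or its alias `npm i`) in docs and scripts. The function names, package names, and sample texts are constructed for illustration.

```javascript
// Added example; every name and sample value here is constructed for illustration.

// Exact pin: a bare semver version such as 1.2.3 (optional prerelease/build suffix).
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// List direct dependencies whose spec is a range, tag, or URL rather than one version.
function findUnpinned(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (typeof spec !== 'string' || !EXACT.test(spec.trim())) {
        findings.push({ section, name, spec });
      }
    }
  }
  return findings;
}

// List 1-based line numbers that mention `npm install` or its alias `npm i`.
// `npm ci`, `npm init` and `pnpm install` do not match.
function findNpmInstall(text) {
  const hits = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    if (/\bnpm\s+(install|i)\b/.test(line)) hits.push({ line: idx + 1, text: line.trim() });
  });
  return hits;
}

// Constructed sample manifest: two exact pins, three floating specs.
const samplePackageJson = JSON.stringify({
  name: 'example-extension',
  dependencies: { 'example-lib-a': '1.3.0', 'example-lib-b': '^7.3.5' },
  devDependencies: { 'example-tool-a': '~4.5.4', 'example-tool-b': '9.1.3', 'example-tool-c': 'latest' },
});

// Constructed sample of a contributing guide.
const sampleDoc = [
  '# Contributing',
  'Run `npm install` to fetch dependencies.',
  'CI runs `npm ci` against package-lock.json.',
  'Shortcut: npm i && npm run compile',
].join('\n');

findUnpinned(samplePackageJson).forEach((f) => console.log(`unpinned ${f.section}: ${f.name}@${f.spec}`));
findNpmInstall(sampleDoc).forEach((h) => console.log(`line ${h.line}: ${h.text}`));
```

Pinning direct dependencies does not fix transitive versions; those come from package-lock.json, which `npm ci` installs from exactly, and it refuses to proceed if the lockfile disagrees with package.json.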
@gopherbot
Collaborator

Change https://golang.org/cl/379155 mentions this issue: package.json: pin direct dependencies

@gopherbot
Collaborator

Change https://golang.org/cl/379154 mentions this issue: docs/contributing.md: encourage npm ci instead of npm install

@hyangah hyangah modified the milestones: Unplanned, v0.31.0 Jan 18, 2022
gopherbot pushed a commit that referenced this issue Jan 18, 2022
Update #2010

Change-Id: I793e044507c628f40d322780a56d7b003315f1df
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/379154
Trust: Hyang-Ah Hana Kim <[email protected]>
Run-TryBot: Hyang-Ah Hana Kim <[email protected]>
TryBot-Result: kokoro <[email protected]>
Reviewed-by: Jamal Carvalho <[email protected]>
@gopherbot
Collaborator

Change https://go.dev/cl/379154 mentions this issue: docs/contributing.md: encourage npm ci instead of npm install

@gopherbot
Collaborator

Change https://go.dev/cl/379155 mentions this issue: package.json: pin direct dependencies

@golang golang locked and limited conversation to collaborators Feb 7, 2023