Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove package-lock.json #83

Merged
merged 2 commits into from
Jul 15, 2022
Merged

Remove package-lock.json #83

merged 2 commits into from
Jul 15, 2022

Conversation

remcohaszing
Copy link
Member

Initial checklist

  • I read the support docs
  • I read the contributing guide
  • I agree to follow the code of conduct
  • I searched issues and couldn’t find anything (or linked relevant results below)
  • If applicable, I’ve added docs and tests

Description of changes

Lockfile version 3 is the successor of version 1. Version 2 is an intermediate format which includes data for both lockfile versions 1 and 3. This means it’s about twice as big and contains twice as many diffs to review.

Most unified packages don’t use lockfiles, but I do think it’s a good idea to use for VSCode plugins. For example new features introduced in unified-language-server shouldn’t go unnoticed for VSCode Remark users.

@wooorm
Copy link
Member

wooorm commented Dec 23, 2021

For example new features introduced in unified-language-server shouldn’t go unnoticed for VSCode Remark users.

Can you expand on this? I don‘t quite get it.
Shouldn’t we then use a ~ version range for unified-language-server, and release a new version of this package when that package updates?

@wooorm
Copy link
Member

wooorm commented Dec 27, 2021

@remcohaszing ping!

@codecov-commenter

This comment has been minimized.

Sign in to view
@remcohaszing
Copy link
Member Author

I have mixed feelings about lockfiles. I like having reproducible builds, but managing lockfiles can be a churn. I have been using lockfiles for my own projects, but have also been thinking of removing them.

I can relate with this comment

Lockfiles for apps, but not for packages.

In case of a VS Code extension, I lean towards saying it’s more of an app than a package. The end user won’t get updates by updating their dependencies or force reinstalling it. They rely on the release cycle of this plugin. If unified-language-server gets a release with new features, remark-language-server gets these features automatically. For vscode-remark another release is needed and it makes sense to document the new features in the release notes, even if they come from upstream.

Regardless of the stance on lockfiles, I do believe package-lock.json v3 is superior over v2 (the npm default), because v2 is just lockfile v1 and v3 combined in one JSON file, duplicating its size.

@wooorm
Copy link
Member

wooorm commented Jul 14, 2022

I’m in favor of removing it instead of updating.
If we didn’t remove, then updating would be useful.

While lockfiles could provide some useful information in the problem you mention, they are often so verbose that lockfile updates are often ignored if CI works fine, defeating that purpose.

@remcohaszing remcohaszing changed the title Use lockfile version 3 Remove lockfile Jul 14, 2022
@github-actions github-actions bot added the 🤞 phase/open Post is being triaged manually label Jul 14, 2022
@remcohaszing
Use lockfile version 3
f2e99b6 
Lockfile version 3 is the successor of version 1. Version 2 is an
intermediate format which includes data for both lockfile versions 1 and
3. This means it’s about twice as big and contains twice as many diffs
to review.
@remcohaszing
Remove lockfile
3268a44
@wooorm wooorm changed the title Remove lockfile Remove package-lock.json Jul 15, 2022
@wooorm wooorm merged commit 3d03ba3 into remarkjs:main Jul 15, 2022
@wooorm wooorm added 🏗 area/tools This affects tooling 💪 phase/solved Post is done labels Jul 15, 2022
@github-actions

This comment has been minimized.

Sign in to view
@github-actions github-actions bot removed the 🤞 phase/open Post is being triaged manually label Jul 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristianMurphy ChristianMurphy ChristianMurphy approved these changes

@wooorm wooorm wooorm approved these changes

Assignees
No one assigned
Labels
🏗 area/tools This affects tooling 💪 phase/solved Post is done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@remcohaszing @wooorm @codecov-commenter @ChristianMurphy