search

anametologin / krohnkite

A dynamic tiling extension for KWin
MIT License
95 stars 7 forks source link

Add package-lock.json #40

Closed NotLebedev closed 1 week ago

NotLebedev commented 1 week ago

As per npm docs package-lock.json

is intended to be committed into source repositories, and serves various purposes Additionally other kwin script repositories such as polonium also commit this file, so this seems to be suitable in this usecase.

Personally I tried to package it using nix and it won't do it without package-lock (because in general this may lead to non-reproducible build)

Thank you for your work on supporting this project!

anametologin commented 1 week ago

is intended to be committed into source repositories, and serves various purposes

  1. I've read all purposes and haven't found any reasonable for this repository.
  2. everyone can easily generate it make package command
  3. package-lock.json can be different from system to system
  4. your package-lock.json is different from mine. Obviously you are using MacOS of something like this.
  5. tsc version "^5..." -frozen only major version number, but everyone can have their own minor version.
NotLebedev commented 1 week ago
  1. I've read all purposes and haven't found any reasonable for this repository.

It's true that this project only has devDependencies and thus need for package-lock.json is less. However the part aqbout continuous integration are guaranteed to install exactly the same dependencies is exactly why I created this. Package manager can vendor package-lock.json but then your distribution through kde store would be different from packaged versions. Then it may be difficult to reproduce some edge cases in bug reports.

  1. package-lock.json can be different from system to system
  2. your package-lock.json is different from mine. Obviously you are using MacOS of something like this.

That's exactly my point. I'm not even using macOS, as you suggested, but still there are some differences. I'm not sure how this may change behavior of different builds and introduce problems when debugging.

In any case I agree with you that this is not a critical problem. In my opinion it's just QOL for packaging and possibly debugging some edge cases. If you believe that there is no need for this change feel free to close PR.

anametologin commented 1 week ago

Until this becomes a problem I will refrain from adding package-lock.json to repository.