codeforcauseorg / edu-client

Product focuses on 100% education as well as upskilling developing countries and rural areas.
https://educlient.codeforcause.org/
MIT License

package-lock.json changes on npm install #248

Open faisaljamil25 opened 3 years ago

faisaljamil25 commented 3 years ago

Describe the bug

This is encountered by many developers. This is actually not a bug, but it is happening due to the different versions of npm developers are using: when they try to run npm install, the lockfileVersion changes from 1 to 2, and therefore package-lock.json also changes.

Reason

In the recent version of npm, i.e. v7, a new lockfile format has been introduced to increase performance. Reference

To Reproduce

Steps to reproduce the behavior:

  1. Upgrade npm to the latest version
     To upgrade on Linux: sudo npm install -g npm@latest
     To upgrade on Windows follow this link
  2. Pull the latest commits on your local Git repo
  3. npm install

Solution

Since the main repo is using lockfileVersion: 1 there could be two solutions:

  1. Mentors can merge a PR containing lockfileVersion: 2 or upgrade the npm version by themselves and then run npm install. As v2 is backward compatible this should not create bugs for developers using npm versions 5 or 6. See here

  2. As long as this issue is not solved, developers can run npm ci instead of npm install as it installs dependencies directly from package-lock.json so lockfileVersion would not get changed.

Any suggestions? @KeenWarrior @kunal-kushwaha @Abhishek-kumar09
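Added example, not part of the issue or the project's code: when a pull request also flips lockfileVersion from 1 to 2, the package-lock.json diff becomes too large to read, so this check compares the `dependencies` tree that both formats carry and reports only entries whose version, resolved URL or integrity hash actually differ. The function names, package name, hosts and hash strings are constructed for illustration.

```javascript
// Added example: function names and both sample lockfiles are constructed.

// Flatten the nested `dependencies` tree (present in lockfileVersion 1 and 2)
// into { "parent > child": { version, resolved, integrity } }.
function flattenDeps(deps, prefix = '', out = {}) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = prefix ? `${prefix} > ${name}` : name;
    out[path] = { version: entry.version, resolved: entry.resolved, integrity: entry.integrity };
    flattenDeps(entry.dependencies, path, out);
  }
  return out;
}

// Compare the base-branch lockfile with the one a pull request carries.
function compareLockfiles(baseText, headText) {
  const [base, head] = [baseText, headText].map((text) => JSON.parse(text));
  for (const lock of [base, head]) {
    if (![1, 2].includes(lock.lockfileVersion)) {
      throw new Error(`unsupported lockfileVersion: ${lock.lockfileVersion}`);
    }
  }
  const before = flattenDeps(base.dependencies);
  const after = flattenDeps(head.dependencies);
  const changes = [];
  for (const path of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (!before[path]) changes.push({ path, kind: 'added' });
    else if (!after[path]) changes.push({ path, kind: 'removed' });
    else {
      for (const field of ['version', 'resolved', 'integrity']) {
        if (before[path][field] !== after[path][field]) changes.push({ path, kind: field });
      }
    }
  }
  const formatChanged = base.lockfileVersion !== head.lockfileVersion;
  return { formatChanged, from: base.lockfileVersion, to: head.lockfileVersion, changes };
}

// Constructed samples: v1 on the base branch, v2 in the pull request.
// (Real v2 files also carry a `packages` map, omitted here.)
const dep = (host) => ({
  version: '1.0.0',
  resolved: `https://${host}/pkg-a/-/pkg-a-1.0.0.tgz`,
  integrity: 'sha512-CONSTRUCTED',
});
const BASE_LOCK = JSON.stringify({ lockfileVersion: 1, dependencies: { 'pkg-a': dep('registry.example.test') } });
const HEAD_LOCK = JSON.stringify({ lockfileVersion: 2, dependencies: { 'pkg-a': dep('mirror.example.test') } });

console.log(compareLockfiles(BASE_LOCK, HEAD_LOCK));
```

An empty `changes` list together with `formatChanged: true` means the diff is format churn only; any entry in `changes` is a line a reviewer should look at before merging.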

vasudevsinghal commented 3 years ago

Will the change be backward compatible? And do you want to work on this issue?