Closed JanKoehnlein closed 7 years ago
We might want to switch to fixed versions :-(
or npm shrinkwrap
or npm shrinkwrap
From the npm docs, regarding npm-shrinkwrap.json
:
It's strongly discouraged for library authors to publish this file, since that would prevent end users from having control over transitive dependency updates.
ok, but fixed versions are not helping either, only if you don't list all your transitive dependencies explicitly
npm shrinkwrap has a decent workflow to tighten the version constraints, but having both, a package.json
and an npm-shrinkwrap.json
is also a bit odd.
Maybe we could at least do an automated daily/weekly build, that makes sure the code compiles and tests are green given the dependency constraints as defined in package.json
? That could at least warn us that something external has changed for the bad.
Solved by moving to yarn.
At a customer, I copied the sprotty config and it turned out to no longer build Looks like the latest versions of typescript and typings are incompatible. Task here: Make sure it still builds after an
npm update
, and if not fix it. Reiterate on the theia example.