JanKoehnlein
commented
7 years ago We might want to switch to fixed versions :-(
Closed JanKoehnlein closed 7 years ago
JanKoehnlein
commented
7 years ago We might want to switch to fixed versions :-(
akosyakov
commented
7 years ago or npm shrinkwrap
spoenemann
commented
7 years ago or npm shrinkwrap
From the npm docs, regarding npm-shrinkwrap.json:
It's strongly discouraged for library authors to publish this file, since that would prevent end users from having control over transitive dependency updates.
akosyakov
commented
7 years ago ok, but fixed versions are not helping either, only if you don't list all your transitive dependencies explicitly
JanKoehnlein
commented
7 years ago npm shrinkwrap has a decent workflow to tighten the version constraints, but having both, a package.json and an npm-shrinkwrap.json is also a bit odd.
Maybe we could at least do an automated daily/weekly build, that makes sure the code compiles and tests are green given the dependency constraints as defined in package.json? That could at least warn us that something external has changed for the bad.
JanKoehnlein
commented
7 years ago Solved by moving to yarn.
At a customer, I copied the sprotty config and it turned out to no longer build Looks like the latest versions of typescript and typings are incompatible. Task here: Make sure it still builds after an
npm update, and if not fix it. Reiterate on the theia example.