Comments (7)
Very true, thanks again for the suggestions 😄
from lockfile-lint.
Totally understand where this is helpful to force one specific version for the team, but I think this shouldn't be done with lockfile-lint, but rather with something like nvm's .nvmrc (see here: https://github.com/nvm-sh/nvm#nvmrc) or if you use fnm then the corresponding config.
Does that make sense?
from lockfile-lint.
I see what you mean with .nvmrc however that doesn't force the version as the developer needs to remember to run `nvm use`. So it's possible if the developer uses a different default Node version to what the project uses it can be missed.
Also using a specific Node version doesn't always mean that the npm versions are the same.
Current example is, I use the default npm version with Node 10, however a team member had upgraded to the latest npm while still on Node 10. This meant I was on lockfileVersion 1 and they were on 2.
from lockfile-lint.
`lockfileVersion` 2 is actually backwards compatible with `lockfileVersion` 1 :-)
So, some ideas for other workarounds that can apply here:
- You can specify the Node.js runtime versions, and also the npm runtime version with `package.json`'s `engines` field. See here
- You can also explicitly have a `.npmrc` file with a lockfile-version configuration setting to force it.
Is any of this helpful?
from lockfile-lint.
It may be compatible but we had the issue of the package-lock rewriting itself to match the correct schema for the npm version used and switching back and forth. So wanted to have something that would automatically flag this.
`lockfile-version` in `.npmrc` is a good idea though, thanks.
Looking more at `.npmrc`, wouldn't the registry key do similar as to the checks here for hosts, https?
from lockfile-lint.
> lockfile-version in .npmrc is a good idea though, thanks.
🤗
> Looking more at .npmrc, wouldn't the registry key do similar as to the checks here for hosts, https?
Nope. It doesn't force a trust policy, but merely sets the default upstream repository for when you do `npm install`.
from lockfile-lint.
Anytime!
Thank you for bringing this up and brainstorming with us ❤️
from lockfile-lint.
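An added example (not part of the thread and not lockfile-lint's own code) of the check discussed above: it flags a package-lock.json whose lockfileVersion differs from the team's, and any resolved URL that is not HTTPS from an allowed host, which the .npmrc registry key does not enforce. The expected version, the allowed host and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example, not lockfile-lint's code. Both policy values are assumptions.
const EXPECTED_LOCKFILE_VERSION = 2;
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

// Yield [name, entry] pairs from the v2/v3 flat `packages` map, or from the
// v1 nested `dependencies` tree when `packages` is absent.
function* lockEntries(lock) {
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== '') yield [path, entry]; // '' is the root project
    }
    return;
  }
  const stack = [lock.dependencies || {}];
  while (stack.length > 0) {
    for (const [name, entry] of Object.entries(stack.pop())) {
      yield [name, entry];
      if (entry.dependencies) stack.push(entry.dependencies);
    }
  }
}

// Return a list of findings; an empty list means the lockfile passes.
function auditLockfile(lock, version = EXPECTED_LOCKFILE_VERSION, hosts = ALLOWED_HOSTS) {
  const findings = [];
  if (lock.lockfileVersion !== version) {
    findings.push(`lockfileVersion is ${lock.lockfileVersion}, expected ${version}`);
  }
  for (const [name, entry] of lockEntries(lock)) {
    // Workspace links and bundled packages carry no registry URL to check.
    if (entry.link || typeof entry.resolved !== 'string') continue;
    let url;
    try { url = new URL(entry.resolved); } catch (err) {
      findings.push(`${name}: unparsable resolved value`);
      continue;
    }
    if (url.protocol !== 'https:') findings.push(`${name}: resolved over ${url.protocol}`);
    else if (!hosts.has(url.hostname)) findings.push(`${name}: host ${url.hostname} not allowed`);
  }
  return findings;
}

// Constructed sample: a v1 lockfile with one nested dependency fetched over HTTP.
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: { 'pkg-a': {
  resolved: 'https://registry.npmjs.org/pkg-a/-/pkg-a-1.0.0.tgz',
  dependencies: { 'pkg-b': { resolved: 'http://registry.example.test/pkg-b/-/pkg-b-2.0.0.tgz' } },
} } };
console.log(auditLockfile(SAMPLE_V1));
```

Run in CI against the parsed lockfile, a non-empty result fails the build, so a version flip or an unexpected source is caught before merge.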