[wp-trac] [WordPress Trac] #45088: Update package-lock.json for Mac, Linux, and Windows cross-platform compatibility (was: Update package-lock.json)

WordPress Trac noreply at wordpress.org
Sat Oct 13 10:04:47 UTC 2018 

#45088: Update package-lock.json for Mac, Linux, and Windows cross-platform
compatibility
------------------------------+-----------------------------
 Reporter:  azaozz            |       Owner:  (none)
     Type:  defect (bug)      |      Status:  new
 Priority:  normal            |   Milestone:  Future Release
Component:  Build/Test Tools  |     Version:
 Severity:  minor             |  Resolution:
 Keywords:  needs-patch       |     Focuses:
------------------------------+-----------------------------
Changes (by netweb):

 * keywords:  has-patch => needs-patch
 * milestone:  5.0 => Future Release


Comment:

 tl;dr: If [attachment:"45088.diff"] is committed the next Mac or Linux
 user will then generate a different `package-lock.json`

 The issue is documented in:
 > Issue: https://github.com/npm/npm/issues/17722 package-lock.json and
 optional packages
 >
 > Discussion: https://npm.community/t/package-lock-json-keeps-changing-
 between-platforms-and-runs/1129
 >
 > > Assume you have a 2 developers, one on mac, and one on linux. You use
 npm at 5.1 (or v6.x) and your project depends on `chokidar` package. That
 package has ''optional'' dependency of `fsevents`, which is useful only
 for mac. So, you are on linux, and do `npm i chokidar`. npm generates
 `package-lock.json` without `fsevents`, because it is useless on linux.
 You commit that generated file.
 > >
 > > Your teammate pulls your changes, and does `npm i`, to get
 `node_modules` in sync with `package-lock.json`. Npm installs `fsevents`,
 and writes it to `package-lock.json`. What should mac user to do? commit
 that file?
 > >
 > > Assume that mac user commits file. Linux user pulls it, and make `npm
 install`. Npm does not install `fsevents`, and removes it from `package-
 lock.json`. And this become annoying very quickly.


 ----

 To confirm the above theory using the latest release Node.js v8.12.0 and
 npm 6.4.1 I applied [attachment:"45088.diff"] on my Mac here locally and
 deleted the `node_modules` folder, then running `npm install` results in
 the `package-lock.json` file being restored to the original state before
 [attachment:"45088.diff"] was applied.

 I'd love to have this fixed as we've had this ongoing issue for quite some
 time, see [39368], though until there's an upstream fix there's nothing
 much that can be done, as such I'm bumping this to ''future release''

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45088#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list