Skip to content

fix(ci): lock file validation#4363

Merged
ruyadorno merged 1 commit intonpm:release-nextfrom
ruyadorno:npm-ci-validate-inventories
Feb 3, 2022
Merged

fix(ci): lock file validation#4363
ruyadorno merged 1 commit intonpm:release-nextfrom
ruyadorno:npm-ci-validate-inventories

Conversation

@ruyadorno
Copy link
Contributor

@ruyadorno ruyadorno commented Feb 3, 2022
edited
Loading

Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.

References

Fixes: #2701
Fixes: #3947

@ruyadorno ruyadorno requested a review from a team as a code owner February 3, 2022 03:26
@ruyadorno ruyadorno added Release 8.x work is associated with a specific npm 8 release release: next These items should be addressed in the next release semver:patch semver patch level for changes labels Feb 3, 2022
@ruyadorno ruyadorno force-pushed the npm-ci-validate-inventories branch from 5319356 to 7a51d96 Compare February 3, 2022 03:34
@ruyadorno
fix(ci): lock file validation
2620447 
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.

Fixes: npm#2701
Fixes: npm#3947
@ruyadorno ruyadorno force-pushed the npm-ci-validate-inventories branch from 7a51d96 to 2620447 Compare February 3, 2022 03:51
wraithgar
wraithgar reviewed Feb 3, 2022
View reviewed changes
lib/commands/ci.js
throw new Error(
'`npm ci` can only install packages when your package.json and ' +
'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
'update your lock file with `npm install` ' +
Copy link
Member

@wraithgar wraithgar Feb 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯 having a path to resolution here explicitly laid out

Copy link
Contributor Author

@ruyadorno ruyadorno Feb 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agreed! to be fair it's not my doing 😁 I'm just reinstating the message from v6:

https://github.com/npm/libcipm/blob/9ab1a620db485c137b1c89979c80beddf7e2da42/index.js#L172-L178

wraithgar
wraithgar reviewed Feb 3, 2022
View reviewed changes
@ruyadorno ruyadorno merged commit 457e0ae into npm:release-next Feb 3, 2022
@ruyadorno ruyadorno mentioned this pull request Feb 3, 2022
Merged
@npm-robot npm-robot mentioned this pull request Feb 3, 2022
Merged
@wraithgar wraithgar mentioned this pull request Feb 17, 2022
Merged
siddharthkp pushed a commit to primer/react that referenced this pull request Feb 17, 2022
@wraithgar
chore(package-lock): remove git conflict, invalid versions (#1869)
b22a795 
Invalid typescript version makes `npm ci` fail in the latest npm
npm/cli#4363

Merge conflict was introduced in
#1771
@das7pad
Copy link

das7pad commented Feb 21, 2022

Hi! Are there plans for back-porting this fix to npm@v7?

@Sinclert Sinclert mentioned this pull request Feb 23, 2022
Closed
@jeffposnick jeffposnick mentioned this pull request Apr 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wraithgar wraithgar wraithgar approved these changes

Assignees

No one assigned

Labels

release: next These items should be addressed in the next release Release 8.x work is associated with a specific npm 8 release semver:patch semver patch level for changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ruyadorno @das7pad @wraithgar