#7535 closed task (fixed)
Add npm `package-lock.json` for npm v5.x
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Build/Test Tools | Keywords: | needs-codex |
Cc: |
Description
npm v5 now by default generates a package-lock.json
file
Some paraphrased notes from the announcement post: http://blog.npmjs.org/post/161081169345/v500
package-lock.json
andnpm-shrinkwrap.json
are aware of each other and happy to coexist
- package locks no longer exclude optionalDependencies that failed to build. This means
package-lock.json
andnpm-shrinkwrap.json
should now be cross-platform.
- Running npm while offline will no longer insist on retrying network requests. npm will now immediately fall back to cache if possible, or fail, npm's caching is vastly improved in npm 5
- On performance, NodeJS 6.9.1 and NPM 3.10.8 running
npm install
in tests took ~63.94 seconds on average, with NodeJS v7.10.0 and npm v5.0.0 this is halved to ~26.26 seconds on average, once npm modules are cached reinstallingnode_modules
averages 16.163 seconds, just shy of a 4x speed boost- Detailed bbPress, BuddyPress, and WordPress performance tests can be seen in this spreedsheet
- The performance boost is comparable to that of Yarn, initial install 21.40 seconds, and subsequent installs 18.82 seconds, see #38603
Related: #7378 Investigate using yarn instead of npm
Related: #WP40938 Add npm package-lock.json
for npm v5.x
Attachments (1)
Change History (10)
This ticket was mentioned in Slack in #buddypress by netweb. View the logs.
8 years ago
#4
@
8 years ago
I've nearly grok'd all there is know about npm 5...
To that end some recent knowledge ingestion a package-lock.json
and npm-shrinkwrap.json
are interchangeable, in essence one could be renamed to other and it will work as intended.
Another is that npm has no LTS releases, everyone should be running the latest version of npm, at the time of writing that is npm 5.2.0
see also http://blog.npmjs.org/post/162451604515/the-npm-clis-long-term-support-lts-policy
The plan I have now to move forward with this is to rename npm-shrinkwrap.json
to package-lock.json
, then using npm 5.2.0
to update the file package-lock.json
with the updated file format added as part of npm 5.1.0
release.
This will also help to avoid scenarios where unexpected changes to npm-shrinkwrap.json
occurs such as this.
I'm pretty keen on this change as it both benefits contributors and the repo, for contributors things become a little simpler in that npm install
is for the most part the only command you'll ever need to run ever again, for the repo, this changes ensures a consistent set of build tool versions across all platforms that install faster than ever before.
#5
@
7 years ago
- Keywords needs-codex added
Also the codex page https://codex.buddypress.org/prelaunch-checklist/ needs updating once this change is made
Via https://docs.npmjs.com/files/package-lock.json
It's one or the other, not both files, that gives us a few options to consider, whilst I think about those and the best path forward I'll tuck this ticket into the future release milestone.
p.s. My initial thoughts are we switch from having a
npm-shrinkwrap.json
file to having thepackage-lock.json
file