Update dependencies #583
Update dependencies #583
Conversation
| @@ -13,7 +13,7 @@ jobs: | |||
| with: | |||
| node-version: "16" | |||
|
|
|||
| - run: npm install | |||
| - run: npm ci | |||
There was a problem hiding this comment.
npm ci will install the exact modules listed in the package-lock.json file. So you know that your published version will work exactly the same as it did for you locally. Without a lock file, or using npm install (which updates the lock file), you can end up with a sub-dependency at a different version which may cause unforeseen issues.
npm ci basically solves the "works on my machine" issue. Now it works on all machines.
| "build": "esbuild src/index.js --bundle --minify --platform=node --outfile=./dist/index.cjs" | ||
| }, | ||
| "ManifestComments": [ | ||
| "Pinned update-notifier to 5.1.0, v6+ requires ESM" | ||
| ], |
There was a problem hiding this comment.
Unfortunately JSON files do not support comments. So I've added this section here, so documentation around the package.json file can still occur.
If you think package.json files should be more permissive to allow for comments, you can +1 this post:
| - run: npm run install | ||
| node-version: ${{ matrix.node-version }} | ||
| npm-version: '8.5.0' | ||
| - run: npm ci |
There was a problem hiding this comment.
File Changes:
node=>node-version, most repos name the node matrix this, don't know why, but just making it like the rest.npm 8.5.0- By default Node 14 comes with npm 6, which supports v1 lock files. But this PR includes a V2 lockfile. So we need to use npm 7 or above for that.actions-setup-node=>volta-cli/action, This lets us easily set the Node and npm versions in one go, so we can do Node 14, 16, or 18 all with npm 8.5.0npm run install=>npm ci, this makes sure we download the exact same dependency versions that were used during development
pnpmstuff, to simplify the repo.package-lock.jsonis fromnpmnpminstructionsnpmscripts no longer usepnpmnpm cipackage-lock.json