-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pin all dependencies #703
Pin all dependencies #703
Conversation
Pattern Lab Node Core 2.12.0
Why would you do this over a yarn.lock or a package-lock.json? Genuinely curious. Admittedly it should probably have one or the other. |
Appreciate the question - it's a good one. Pattern Lab has always been a balancing act between approachability and power. One reason we still ship with Mustache as the default is how simple it is. This fact was relayed to me just today by a designer. Shipping with hawt new stuff is sometimes more to learn for people already harried by many other factors - and therefore creating a base experience is important.
Until support (which follows LTS) reaches the point where we can assume most users are on Node 8 (perhaps that's soon judging by https://github.com/nodejs/Release) I intentionally wanted to do the simplest thing that would make users a bit more safe (albeit potentially behind in deps) |
So essentially it comes down to the users may not have Yarn and may not be running Node 8, version pinning allows for specific versioning with legacy support |
Do I need to change anything in my PR |
You are good - the build is breaking due to something unrelated which I will look into. edit: this was breaking for precisely the benefits the semver range provides, in this case patternengine-node-mustache required 1.0.2 not 1.0.0 |
I don't think this was the best way to fix dependencies. You could have use |
@jfroffice I think that's a fair criticism. Admittedly I know nothing about how shrinkwrap works. On the 3.X branch we will be landing soon, I will be implementing the package-lock.json concept anyways, which will likely bring this issue back into focus (and possibly re-add the carets?) |
it is used to freeze your dependencies on a working version. So on, you can use
hopefully |
Addresses #684
Summary of changes:
I have pinned all node dependencies