Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Remove package-lock.json #164

Merged
merged 3 commits into from
Dec 14, 2021
Merged

Remove package-lock.json #164

merged 3 commits into from
Dec 14, 2021

Conversation

GaryGSC
Copy link
Member

@GaryGSC GaryGSC commented Dec 14, 2021

This should reduce noise in this repository, since package-lock.json never gets published to npm. This is a library, so we don't really need it. The .npmrc will cause us to stop generating package-lock.json going forward.

@codecov
Copy link

codecov bot commented Dec 14, 2021
edited
Loading

Codecov Report

Merging #164 (fb0d3b6) into main (ce0198e) will not change coverage.
The diff coverage is n/a.

❗ Current head fb0d3b6 differs from pull request most recent head dc447d3. Consider uploading reports for the commit dc447d3 to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##             main     #164   +/-   ##
=======================================
  Coverage   77.27%   77.27%           
=======================================
  Files           2        2           
  Lines          22       22           
  Branches        6        6           
=======================================
  Hits           17       17           
  Misses          5        5

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ce0198e...dc447d3. Read the comment docs.

@GaryGSC
Copy link
Member Author

GaryGSC commented Dec 14, 2021

Apparently, removing the lockfile breaks our npm audit workflow. We should get fewer false positives without the lockfile, and I believe we get the same benefits just by keeping up with our Dependabot PRs.

@GaryGSC GaryGSC requested a review from a team December 14, 2021 17:19
yoshutch
yoshutch reviewed Dec 14, 2021
View reviewed changes
Copy link
Contributor

@yoshutch yoshutch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this require a bumped version in package.json?

@GaryGSC
Copy link
Member Author

GaryGSC commented Dec 14, 2021

Probably. I haven't checked how the release automation works here. I'll do that.

@GaryGSC GaryGSC requested a review from yoshutch December 14, 2021 17:23
@GaryGSC GaryGSC merged commit e81428a into main Dec 14, 2021
@GaryGSC GaryGSC deleted the remove-package-lock branch December 14, 2021 17:25
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@yoshutch yoshutch yoshutch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GaryGSC @yoshutch