This repository has been archived by the owner on Aug 30, 2019. It is now read-only.
Currently we do not use fixed versions of our npm dependencies. This sometimes causes problems, and package.json and package-lock.json are not really synchronized. The idea is to start using only fixed versions.
What needs to be done
Update .npmrc file to install only exact versions
Update package.json with latest versions
Test how it works
Please feel free to put your ideas and concerns about this approach in the comments.
I agree. Using version ranges can cause problems if dependency maintainers do not strictly follow semver, so I usually suggest installing/saving exact versions—although this does not prevent dependencies from using version ranges themselves, which is why enforcing package-lock.json is good practice.
A couple other actions I would suggest:
Update README to use npm ci instead of npm i.
Do incremental upgrades of dependencies instead of totally rewriting package-lock.json to minimize dependency tree changes.
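An added example, not part of the original thread or the project's code: a check that reports package.json entries that are not exact versions and exact entries that disagree with package-lock.json. The function name `auditPins` and both sample manifests are constructed for illustration; in a real repository the two objects would be the parsed package.json and package-lock.json.

```javascript
// Exact version: MAJOR.MINOR.PATCH with optional prerelease/build suffix.
// Ranges (^, ~, >=, x, *), dist-tags ("latest") and URL specs do not match.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function auditPins(pkg, lock) {
  // lockfileVersion 2/3 stores entries under "packages", version 1 under
  // "dependencies". Direct dependencies are always at the top level.
  const locked = (name) =>
    lock.packages
      ? (lock.packages["node_modules/" + name] || {}).version
      : ((lock.dependencies || {})[name] || {}).version;

  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const lockedVersion = locked(name);
      let issue = null;
      if (!EXACT.test(spec)) issue = "not-exact";
      else if (lockedVersion === undefined) issue = "missing-from-lock";
      else if (lockedVersion !== spec) issue = "lock-mismatch";
      if (issue) findings.push({ name, section, spec, lockedVersion, issue });
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from the repository).
const samplePkg = {
  dependencies: { express: "^4.16.0", lodash: "4.17.11", debug: "~4.1.0" },
  devDependencies: { mocha: "5.2.0", eslint: "latest" },
};
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: "4.16.4" },
    lodash: { version: "4.17.10" },
    debug: { version: "4.1.1" },
    mocha: { version: "5.2.0" },
  },
};

for (const f of auditPins(samplePkg, sampleLock)) {
  console.log(`${f.section}/${f.name}: ${f.issue} (spec ${f.spec}, locked ${f.lockedVersion})`);
}
```

For a "not-exact" finding, the reported locked version is the one already resolved in the lockfile, so pinning to it leaves the installed tree unchanged. Setting `save-exact=true` in .npmrc makes later `npm install <pkg>` calls record exact versions.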