Electron Build Should Copy Lock File

[etctschq]

Is your feature request related to a problem? Please describe.
Currently the Electron build process copies the project package.json to the build directory and performs a production install from that. If the package.json doesn't specify exact versions of all dependencies, this can lead to the build using different versions of dependencies than dev.

In my case, one of my dependencies introduced a breaking change in a minor version (poor form, I know). My package.json specified "^2.8.0". Running "quasar dev -m electron" resulted in using 2.8.0 from the version controlled package-lock.json and worked fine, but "quasar build -m electron" installed the latest 2.x.0 release, which produced a non-functional build.

Describe the solution you'd like
Prior to the Electron package installation step, the project package-lock.json or yarn.lock, as determined by the nodePackager variable, should be copied into the electron UnPackaged build directory. I've verified that this results in installing just production dependencies at the locked versions for npm. I believe this should be true for yarn as well, but have not confirmed.

Describe alternatives you've considered
If introducing the behavior specified above might cause issues I haven't considered, the behavior could be added to the Electron documentation, perhaps with a slightly more polished version of this work around that I have successfully added to the build property in quasar.conf.js:

async beforeBuild() {
  const unpackagedPath = `${__dirname}/dist/electron/UnPackaged`;
  mkdirp.sync(unpackagedPath);
  fs.copyFileSync(`${__dirname}/package-lock.json`, `${unpackagedPath}/package-lock.json`);
},

Additional context
I'm willing to try to familiarize my self a bit more with the Quasar code base and put together a PR if this feature gets a green light. If somebody already familiar can immediately point out what method would be most appropriate to extend for this, that would be helpful. I assume the method that copies package.json currently, but I haven't tracked that down yet.

[rfox12]

I know this is an old issue, but I think a neat / clean way you can accomplish this is by using the extendPackageJson section of the quasar.conf.js https://quasar.dev/quasar-cli/developing-electron-apps/configuring-electron#quasar-conf-js

My idea here is not to copy the lock file, but rather to pin the package.json to specific versions each time you build. Through extendPackageJson Quasar essentially allows you to modify the package.json during deployment... so you could read what versions of each package you have in development and pin specific versions dynamically when you build.

[rfox12]

Side note in practice I too have been copying the package-lock.json. @rstoenescu it seems you have some interest here... is there any reason user-land devs should not copy package-lock.json? Or is there some preferred direction you want to take with regards to Quasar?

[hawkeye64]

This is a bit of a snowball issue (the more you start on it the bigger it gets). You have different packagers (npm, yarn, pnpm, etc) as well, some of these support workspaces (npm 7?, yarn, pnpm).

[rfox12]

And it seems some cool new Vite goodness on the horizon. Yep... 100% agree we can leave this to folks to figure out. For posterity two easy ways that I know of right off the bat...

1. add a script to your package.json like this:

"build": "quasar build -m electron",
"postbuild": "node -e \"require('fs-extra').copySync('package-lock.json', '../dist/electron/package-lock.json');\"",

with whatever path you want relative to package.json. The post prefix there causes the postbuild script to run immediately after the build script automatically.
or (probably better)
2) modify quasar.conf with a pre-build or post-build trigger. https://quasar.dev/app-extensions/development-guide/index-api#api-beforebuild

[rstoenescu]

Enhancement will be available in "@quasar/app" v3.2.5