What package manager does the repo use?
GabenGar opened this issue · 6 comments
I see yarn.lock file, which implies yarn, but "scripts" section is littered with npm run ... commands, while package-lock.json is in .gitignore. yarn install also updates the lockfile so it's impossible to make a contribution without dragging its changes along. Well I guess it's possible, need to just use yarn install --frozen-lockfile but it's not mentioned neither in readme not contribution guide.
Also how does "engines" being "node": ">=12.0.0" while having node types as "@types/node": "^17.0.33" work?
Also how does
"engines"being"node": ">=12.0.0"while having node types as"@types/node": "^17.0.33"work?
@types/node doesn't have official up-to-date typings for Node 12, so we use newer Node types and run on Node 12 as part of CI to make sure tests pass on Node 12.
The question still stands, since npm has 3 different versions of lockfile, so it has to be removed from .gitignore and committed to the repo.
Assuming the nodejs npm mapping is the source of truth for supported version pairs, node 12 peaked at npm 6 (and therefore at lockfile version 1), which is quite a requirement for the developer machine. It basically assumes the person forking the repo knows how to juggle multiple versions of node and npm in a multiplatform context.
Is it really important to support a version of node 3 versions below the current Maintenance LTS (18)? What would be the price of releasing a semver major which ups the required NodeJS version to 18 (Maintenance LTS) or 20 (Active LTS)?
Is this causing a specific issue for you? If so, please feel free to elaborate.
The specific issue is writing nodejs code using node 17 types but for node 12 target. It is quite a jump: ESM support, a lot of fs-related interfaces got slightly changed and even fs/promises was added, better ECMAScript support (i.e. Array.at(), nullish coalescing, optional chaining). It even has a built-in args parser now.
As for npm, the lock file is required to have reproducible builds, more so on later versions which don't seem to be as relaxed as older ones and so don't change the lock file on bare install command (even if dependencies allow for minor/patch version up), unless it's some platform-specific dependencies missing. And the version of npm is tied to a version of nodejs anyway.
I've looked into the repo further and there is .nvmrc file, which is a config file for nvm. And it says nvm should switch to node 16. So there is another source of truth claiming the required version of node. Which is different from the other two.
EDIT: Also yarn is used in a CI file, and there is a .yarn/releases folder with a file which constitutes a 1/3rd of the source code size.
The fork of json-schema-ref-parser, which is a dependency of this repo, has "engines": {"node": ">= 16"} within its package.json, so it's another source of NodeJS which conflicts with other metadata except for .nvmrc.