What package manager does the repo use?
GabenGar opened this issue · 6 comments
I see yarn.lock
file, which implies yarn
, but "scripts"
section is littered with npm run ...
commands, while package-lock.json
is in .gitignore
. yarn install
also updates the lockfile so it's impossible to make a contribution without dragging its changes along. Well I guess it's possible, need to just use yarn install --frozen-lockfile
but it's not mentioned neither in readme not contribution guide.
Also how does "engines"
being "node": ">=12.0.0"
while having node types as "@types/node": "^17.0.33"
work?
Also how does
"engines"
being"node": ">=12.0.0"
while having node types as"@types/node": "^17.0.33"
work?
@types/node
doesn't have official up-to-date typings for Node 12, so we use newer Node types and run on Node 12 as part of CI to make sure tests pass on Node 12.
The question still stands, since npm
has 3 different versions of lockfile, so it has to be removed from .gitignore
and committed to the repo.
Assuming the nodejs
npm
mapping is the source of truth for supported version pairs, node 12
peaked at npm 6
(and therefore at lockfile version 1), which is quite a requirement for the developer machine. It basically assumes the person forking the repo knows how to juggle multiple versions of node and npm in a multiplatform context.
Is it really important to support a version of node 3 versions below the current Maintenance LTS (18)? What would be the price of releasing a semver major which ups the required NodeJS version to 18 (Maintenance LTS) or 20 (Active LTS)?
Is this causing a specific issue for you? If so, please feel free to elaborate.
The specific issue is writing nodejs
code using node 17 types but for node 12 target. It is quite a jump: ESM support, a lot of fs
-related interfaces got slightly changed and even fs/promises
was added, better ECMAScript support (i.e. Array.at()
, nullish coalescing, optional chaining). It even has a built-in args parser now.
As for npm
, the lock file is required to have reproducible builds, more so on later versions which don't seem to be as relaxed as older ones and so don't change the lock file on bare install
command (even if dependencies allow for minor/patch version up), unless it's some platform-specific dependencies missing. And the version of npm
is tied to a version of nodejs
anyway.
I've looked into the repo further and there is .nvmrc
file, which is a config file for nvm
. And it says nvm
should switch to node 16
. So there is another source of truth claiming the required version of node. Which is different from the other two.
EDIT: Also yarn
is used in a CI file, and there is a .yarn/releases
folder with a file which constitutes a 1/3rd of the source code size.
The fork of json-schema-ref-parser
, which is a dependency of this repo, has "engines": {"node": ">= 16"}
within its package.json
, so it's another source of NodeJS which conflicts with other metadata except for .nvmrc
.