Missing "resolved" and "integrity" from lock file
Closed this issue · 5 comments
Thank you for this cool project! To make elm-watch easier to use on nix based systems, I have been trying to package this project as a nix flake. While doing that, I noticed that a lot of the dependencies listed in the packages value in package-lock.json are missing their resolved and integrity information. For example, yallist and ansi-styles. I have tried adding in these fields but it seems like there are too many missing to be able to do this by hand.
This issue of missing hashes isn't specific to elm-watch - it seems several other npm packages suffer from this issue.
The only way I could add these fields back in was to remove package-lock.json (and my local node_modules directory) and run npm install. While this does fix the missing fields, it also updates every package to the latest one, meaning my nix flake version of elm-watch isn't identical to the one you provide.
What are your thoughts about adding in the missing resolved and integrity fields, either by regenerating package-lock.json or another method?
Hi!
I would be fine with regenerating package-lock.json.
But before we do that: Next time I update or change dependencies, how do I verify that I don’t re-introduce this issue? There must be some bug in npm causing it because I never touch package-lock.json by hand.
Good question. I'm not entirely sure of a way that doesn't involve trying to build something with nix. It seems like the issue occurs when trying to install a package that already exists in node_modules or npm's cache (see this issue).
I will see if I can write a script that can "fix" a lock file. I really don't like the solution of having to delete the lock file - it seems to defeat the whole purpose of a lock file!
I have made a python script that adds the missing fields into a package-lock.json. It can be found here. It's not packaged particularly well, but it does build with nix, if you use that. I will improve the python packaging over the weekend when I have a free moment.
This will allow the lock file to be updated without being deleted.
You don't have to integrate this into your workflow if you don't want to. I'm also happy to use this code to generate a patch file for my flake wrapper
Okay, I improved the packaging of the python script. It should be usable with setuptools now.
I'm happy to close this issue, since it isn't really an issue for normal elm-watch usage.