npm install should be npm ci in scripts/build-extension.sh

Question

npm install should be npm ci in scripts/build-extension.sh

Closed this issue 2 years ago · 2 comments

scripts/build-extension.sh:

#!/bin/bash

# This script builds and installs the
# webextension instrumentation.

set -e

# Make conda available to shell script
eval "$(conda shell.bash hook)"
conda activate openwpm

pushd Extension
npm install
popd

echo "Success: Extension/openwpm.xpi has been built"

npm ci, installs based on the exact package versions in package-lock.json, whereas npm install resolves package versions based on package.json, choosing newest allowed package versions based on sematic versioning rules. Though it is unlikely that the version differences from npm install and npm ci, would have functional differences, it is best practice that the exact same version is used by users as when developing and testing.

Answer 1 · 2023-01-17T03:14:46.000Z

Thanks! I'm curious for @vringar's take.

Answer 2 · 2023-01-17T13:21:58.000Z

Seems reasonable. I've seen it as a best practice in other places, but didn't make the change yet.

@tim-stephenson PR welcome:)