-
Notifications
You must be signed in to change notification settings - Fork 3.3k
Integrating with node
The node project currently bundles npm
in every version. In order to allow our team to release new semver-major versions of the npm
CLI, we have some guidelines to follow. Please note that these are guidelines, they are not exhaustive and failures may not be the responsibility of the npm team to address. Our duty is to do our best and to determine the root cause of any new failures so that we may discuss them with the node project before a new version is bundled.
Note that in all cases exceptions may be made if the root cause of a new failure is determined to not be due to the new release of npm or the process of updating npm.
To ensure this one, we will have a GitHub action triggered by new releases that downloads and builds the current node release lines with an updated npm and runs the node project's tests.
No new failures installing the packages defined by citgm.
The set of packages curated by citgm
is reasonably diverse. When a release is published, we will use citgm (or some derivative) to download the latest published version of each package and run npm install
followed by npm ls
to verify we have generated a valid package tree.
After npm install
and npm ls
verify that we are able to create a valid package tree, we additionally run each of the project's tests. Note that this is a rule that weighs heavily on the maintenance of the project being tested. In some cases a failure may be due to the update of node rather than npm, in this case the failure is acceptable.
To ensure our users can work smoothly in both the latest npm release, as well as previous versions, we must be diligent about only making breaking changes to package-lock.json
files when explicitly requested. Since breaking changes to the lock file are signified by a change in the lockfileVersion
property, our automated testing will include checking each package in citgm for an existing package-lock.json
. If one is found, we assert that the lockfileVersion
found within does not change after npm install
is run.
There is a significant exception to this rule in that v1 lockfiles will always be upgraded to whatever the default for the newer npm version is. Any lockfile with a starting version above v1 must not change.