Skip to content

chore: add back package-lock.json and enable dependabot#939

Merged
aduh95 merged 1 commit intonodejs:mainfrom
aduh95:lockfile
Jun 27, 2025
Merged

chore: add back package-lock.json and enable dependabot#939
aduh95 merged 1 commit intonodejs:mainfrom
aduh95:lockfile

Conversation

@aduh95
Copy link
Contributor

@aduh95 aduh95 commented Jun 15, 2025

It was removed based of #311, however having a reproducible dev env is good actually.

@codecov
Copy link

codecov bot commented Jun 15, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.15%. Comparing base (a68af4b) to head (a9a7bf8).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #939   +/-   ##
=======================================
  Coverage   80.15%   80.15%           
=======================================
  Files          39       39           
  Lines        4635     4635           
=======================================
  Hits         3715     3715           
  Misses        920      920

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@aduh95
Copy link
Contributor Author

aduh95 commented Jun 17, 2025

@nodejs/node-core-utils wdyt?

@targos
Copy link
Member

targos commented Jun 18, 2025

No objections from me. I prefer a higher chance of discovering unintended breaking changes in dependencies to the reproducibility of the dev env but I can live with it.

@aduh95
Copy link
Contributor Author

aduh95 commented Jun 21, 2025

I prefer a higher chance of discovering unintended breaking changes in dependencies

Has this ever happened btw? I've tried looking for other projects that one would more likely install globally rather than locally (create-react-app, heroku, pm2), they all seem to use a lock file – although I didn't spend much time looking for it.

BTW I'm not sure being meant to be installed globally change much, packages that are installed locally also do not use the upstream lockfile.

@targos
Copy link
Member

targos commented Jun 24, 2025

In this project, I don't know. It has already happened in other projects I maintain.

targos
targos approved these changes Jun 24, 2025
View reviewed changes
Copy link
Member

@targos targos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM on the dependabot config

@aduh95 aduh95 merged commit 7d5ac23 into nodejs:main Jun 27, 2025
13 checks passed
@aduh95 aduh95 deleted the lockfile branch June 27, 2025 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anonrig anonrig anonrig approved these changes

@targos targos targos approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aduh95 @targos @anonrig