Description
node version: v14.16.0
npm (or yarn) version: 7.7.0
Problem description:
Currently package-lock.json uses lockfileVersion 1.
If two different developers are using different versions of node (12/15) and npm (6/7) in a project that was originally created with a package-lock.json having "lockfileVersion": 1, then when the developer using npm 7.x installs new packages the package-lock.json seems to be re-created with "lockfileVersion": 2 (please see issue).
This seems to cause issues for the developer using npm v6, as it tries to work with the lockfileVersion 2 file but ends up producing new diffs.
Suggested solution:
npm currently suggests:
1: The lockfile version-1 used by npm v5 and v6.
2: The lockfile version-2 used by npm v7, which is backwards compatible to v1 lockfiles.
3: The lockfile version-3 used by npm v7, without backwards compatibility affordances. This is used for the hidden lockfile at node_modules/.package-lock.json, and will likely be used in a future version of npm, once support for npm v6 is no longer relevant.
Thus bumping to lockfile version 2 seems to be a usable, viable option. I've also faced issues of large diffs of up to 30k changes in the lockfile, as evident in #35 and #28.
Locking to version 1 is also a solution but isn't the best approach IMO; we can easily port to version 2, which is backwards compatible and also supports future versions. See the official docs.