Keep package.json and package-lock.json in sync

[kezhenxu94]

The package.json and package-lock.json is not in sync, this patch makes them in sync and such we can perform reliable builds using npm ci.

npm ERR! code EUSAGE
npm ERR! 
npm ERR! `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
npm ERR! 
npm ERR! Missing: @types/lodash-es@4.17.6 from lock file
npm ERR! Missing: vue@2.7.10 from lock file
npm ERR! Missing: vue-template-compiler@2.7.10 from lock file
npm ERR! Missing: de-indent@1.0.2 from lock file
npm ERR! Missing: @vue/compiler-sfc@2.7.10 from lock file
npm ERR! Missing: csstype@3.1.0 from lock file
npm ERR! Invalid: lock file's @babel/parser@7.16.8 does not satisfy @babel/parser@7.19.0
npm ERR! Invalid: lock file's postcss@8.4.5 does not satisfy postcss@8.4.16
npm ERR! Missing: source-map@0.6.1 from lock file
npm ERR! Invalid: lock file's nanoid@3.1.32 does not satisfy nanoid@3.3.4
npm ERR! Invalid: lock file's source-map-js@1.0.1 does not satisfy source-map-js@1.0.2
npm ERR! 

[kezhenxu94]

Maybe that's why every time I run npm i locally the package-lock.json file changes

[wu-sheng]

It is better we could update docs here? https://github.com/apache/skywalking-booster-ui#development

[kezhenxu94]

It is better we could update docs here? https://github.com/apache/skywalking-booster-ui#development

What do you want to add?

[kezhenxu94]

npm ci is preferred in CI environment only while npm install is still preferred in local development, we don't bother to change developers experience, I have also updated the command in GHA to ensure the package.json and package-lock.json is in sync so no commit breaking that will be merged.

[wu-sheng]

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

[kezhenxu94]

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

You don't understand how this is fixed.

This patch resolves the problem that package-lock.json doesn't lock some dependencies versions because they are missing in package-lock.json file. It also guarantees that this case won't happen again in the future by making sure the package-lock.json is in sync with package.json.

When developers build/install without any changes the versions are guaranteed by the lock file so no version is changed.

When developers upgrade any dependencies in local machine, they also have to make sure the two files are in sync otherwise the CI would fail.

[kezhenxu94]

I want to discuss what is recommend when we run skywalking UI/backend build. The difference would make veraions in license file not match the binary.

There is nothing changed in building the UI. Just keep everything every command the same as before.