Skip to content

chore(lint): regenerate package-lock to check validity #832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
LeoMcA wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

chore(lint): regenerate package-lock to check validity #832

LeoMcA wants to merge 5 commits into from

Conversation

@LeoMcA
Copy link
Member

@LeoMcA LeoMcA commented Sep 26, 2025

Adds step to lint workflow to regenerate package-lock.json if it differs, to check unintended changes aren't included e.g. when changing deps with a dirty node_modules dir.

Draft while I test it works on github actions.

@github-actions
Copy link
Contributor

github-actions bot commented Sep 26, 2025
edited
Loading

732d906 was deployed to: https://fred-pr832.review.mdn.allizom.net/

caugner
caugner reviewed Sep 29, 2025
View reviewed changes
.github/workflows/test.yml
Comment on lines +41 to +42
npm install
diff package-lock.json package-lock.json.branch
Copy link
Contributor

@caugner caugner Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand this correctly, then this assumes that running npm install results in the same package-lock.json. However, if a PR adds a dependency (with a subtree of transitive dependencies), then one simultaneous release of one of those transitive dependencies (while the PR is open) might cause this workflow to fail.

I also think this might fail if the PR branch is behind main, afaik github.base_ref points to the latest commit on main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caugner caugner caugner left review comments

@mdn-bot mdn-bot Awaiting requested review from mdn-bot mdn-bot will be requested when the pull request is marked ready for review mdn-bot is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LeoMcA @caugner