`npm@8` which comes with node 16 will by default write lockfile v2
`npm@9` which comes with recent versions of node 18 and above will write
lockfile v3
To avoid incorrect lockfile v2 generation on npm v8, force npm to write
lockfile v3, so no matter which npm version the user has installed, the
same lockfile format will be generated.
References:
-
https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion
- https://nodejs.org/en/download/releases
Co-authored-by: delvh <leon@kske.dev>
- Don't package node_modules in tarballs, they are not cross-platform
anymore and npm cache should not be messed with directly. Instead,
require an internet connection to rebuild the UI, which is not necessary
in the general use case because prebuilt UI files are shipped in the
public directory.
- Simplify the fomantic build and make the target phony. We don't need
anything more for something that is rarely ran.
- Use regular tar again to build tarballs and add variable for excludes
- Disable annoying npm update notifications
Fixes: https://github.com/go-gitea/gitea/pull/14578
Fixes: https://github.com/go-gitea/gitea/pull/15256
Fixes: https://github.com/go-gitea/gitea/pull/15262
Co-authored-by: 6543 <6543@obermui.de>
* Fix release expansion issue
Fix#14578
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix cache statement too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* and update the npmrcs
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @silverwind
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
* Update JS dependencies and misc tweaks
- Update all JS dependencies minus webpack
- Adapt CodeMirrors styling to new CSS parent introduced by EasyMDE
- Set eslint parser to latest and add new eslint 7.14 rule
- Speed up npm install by disabling audit and fund checks
- Move fomantic-ui to optional dependencies to further speed up npm
- Enable syntax highlighting on GH for .eslintrc and .stylelintrc
- Makefile cleanups
* disable audit in npmrc
* add missing dash
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Some users (like me) have this option disabled in their global npm
config which can lead to package-lock.json not being updated. This
explicitely enables the option for this repo, so that the file is
always updated when adding/removing dependencies.
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
* add 'npm' and 'npm-update' make targets and lockfile
- `make npm` installs and updates node_modules, triggered automatically
on `make css` and `make js` as it completes reasonably fast and
ensures consistent modules.
- `make npm-update` updates all dependencies to their latest version,
regenerates `node_modules` from scratch and updates
`package-lock.json`. It uses npm modules `updates` written by yours
truly to find the latest version of each dependency.
* add suggested make dependencies
* remove package-lock.json during npm-update
* regenerate package-lock.json
* remove and disable package-lock
Using exact versions in package.json has the same effect as lockfiles
without all the troubles the lockfiles bring (different versions of
package manager generating different lockfiles primarily).
Ensured we only use exact versions in package.json and stopped
generation of new lockfiles via .npmrc which is support by both the npm
and yarn package managers.
Fixes: https://github.com/go-gitea/gitea/issues/6967
* enable save-exact