Page MenuHomePhabricator

Commit package-lock.json files everywhere
Closed, DuplicatePublic


Eyeballing a few recent CI builds, npm install can take between 10-60s. This problem will only get worse as we use npm more extensively, for instance T199116 after which we will be installing node modules in every submodule.

Now that our CI is on a modern version of node and npm, we can use the package-lock.json (or npm-shrinkwrap.json) files, which give us a more predictable system and will save npm the time to recalculate the dependency tree. The current best practice is to commit one of these files in any repo that uses npm:

Some of our CI infrastructure already supports a transparent switch to npm ci whenever a package lock file is available, other code such as quibble will need to have support added.