sorry for the ignorance..... coworker pulled down ...
# general
sorry for the ignorance..... coworker pulled down code repo .... identical to mine. However, his "npm install" set up newer versions of modules. Didn't seem to respect the package-lock.json file in the repo. Is there good guidance around the workflow for checking code in/out and package versions with Pulumi?
You can check in your
to ensure others pick up the exact same versions. This is generally a good idea for any shared codebase.
ok - see below comment though. It's not being respected
(new to Node) - but exact experience my co-worker had right next to me. Cloned repo, npm install - package-lock.json got updated
ok - maybe not ignored ..... looks like it says a certain version or higher. So this makes sense now. Co-worker is installing fresh and it upgrades his packages
breaking changes for gke/gcp provider
@orange-tailor-85423 this is a good question, and a confusing one.
Basically, you want to check in your
The reason is that when you run
npm install
it will try to find versions of the dependencies that satisfy the constraints specified in
If you always want
npm install
to choose the same versions of these dependencies, even on different machiines, and even if a new version has been released,
is important to have because it does what it says and locks the packages to specific versions. Make sense?
package-lock doesn't do what you think it does
you need to
npm ci
to actually pull the same package-lock bits
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm install --save
uses the "latest patch" syntax, it's highly likely that two installs can pull down different versions.