Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(arborist) omit resolved from registry dependencies #4262

Closed
wants to merge 2 commits into from

Conversation

fritzy
Copy link
Contributor

@fritzy fritzy commented Jan 19, 2022

THIS PR HAS BEEN MIGRATED

Originally at npm/arborist#352
Originally by @everett1992

Start npm/rfcs#486. This implements $disable-write-resolves without
creating an option. Next I'll figure out how to plumb a npm config
option thru to shrinkwrap.

Caleb ツ Everett added 2 commits January 18, 2022 17:12
Implement `$disable-write-resolves` described in npm/rfcs#486.  I named
the option `omitLockfileRegistryResolved` but that can be changed later.

Put simply, this option causes npm to create lock files without a
`resolved` key for registry dependencies forcing npm to use the current
configured registry and resolve package tarball urls on install. This
fixes install errors when users change registries and the recorded
resolved url is incorrect.

This option causes slower installs because npm must fetch each packages
manifest to find the tarball url, but it's the most comprehensive
solution to this problem. Options like recording always the default
registry, or recording a special 'current registry' sigil will break if
registries host tarballs at different paths. For example
`${REGISTRY}/npm/-/npm-8.3.0.tgz` only works if all registries host
tarballs at `npm/-/npm-8.3.0.tgz`.
Create shrinkwrap files with resolved urls modified to replace the
configured registry with the default registry,
https://registry.npmjs.org.

The default registry is a magic value meaning the current registry, so
recording resolved with the default registry allows users to switch to a
different registry without removing their lockfile. The path portion of
the acutal resolved url is preserved so this trick only works when the
different registries host tarballs at the same relative paths. It's
faster than the omitLockfileRegistryResolved option because npm doesn't
need to fetch each pacument to resolve the tarball url.
@fritzy fritzy requested a review from a team as a code owner January 19, 2022 01:12
@fritzy fritzy marked this pull request as draft January 19, 2022 01:14
@fritzy fritzy added the ws:arborist Related to the arborist workspace label Jan 19, 2022
@fritzy fritzy changed the title everett1992/remove registry resolve feat(arborist) omit resolved from registry dependencies Jan 19, 2022
@wraithgar wraithgar changed the base branch from latest to release-next January 26, 2022 20:43
@wraithgar wraithgar changed the base branch from release-next to latest March 9, 2022 18:25
@npm npm deleted a comment from npm-robot Jun 1, 2022
@darcyclarke darcyclarke added the semver:minor new backwards-compatible feature label Jul 26, 2022
@fritzy fritzy marked this pull request as ready for review August 2, 2022 21:29
@nlf
Copy link
Contributor

nlf commented Aug 2, 2022

closing, this was implemented in #4874

@nlf nlf closed this Aug 2, 2022
@lukekarrys lukekarrys deleted the everett1992/remove-registry-resolve branch April 29, 2024 20:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
semver:minor new backwards-compatible feature ws:arborist Related to the arborist workspace
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants