Comments (3)
LinusU
commented on June 4, 2024
Hmm, I'm not sure how all processes should look around this.
Currently, as distributed via Npm, the newest semver compatible versions of every dependency is used whenever a user installs or updates the package. This makes it so that any security fixes or other patches are automatically applied without us having to do anything.
If we add a lock file, do we need to make a new release anytime a security fix is released in any downstream packages? This feels like we are adding both work and responsibility on us in order to only support the Nix distribution π€
from standard.
voxpelli
commented on June 4, 2024
Iβm largely π on this. Itβs nice to be able to support as many places as possible, but a lockfile would have to be maintained as well as @LinusU says
from standard.
wesleytodd
commented on June 4, 2024
The key issue around libraries using lockfiles is that we need to ensure the final build before publish blows away the entire lockfile. If you don't do this then the consumers could get newer transitive dependencies than the tests were run with, possibly breaking immediately when they update. There is currently not a lot of good tooling around that workflow, but I would be interested in building it if we wanted to use it here. There are some details to work out though since we don't have fully automated publish from CI.
EDIT: I guess I should have added, without the proper tooling I am also π on adding a lockfile.
from standard.
Related Issues (20)
- Formatting code will make it unreadable
- Expanding Rostislav and I's contribution, into core
- TS-Standart Changed My Code and Throwing Error
- Create a tutorial to use Standard together with Husky
- Eslint v9 support HOT 2
- Could you please paste the result of the `npm ls eslint` command? HOT 1
- Remove the lock-threads workflow
- Comments bring issues/PRs onto the project board HOT 1
- tittle
- space-unary-ops errors on `new Class()` syntax HOT 4
- Maintenance & Governance of standard HOT 52
- Format using a formatter instead of ESLint formatting rules HOT 17
- inline link with @ in Super to have link inline or below not above HOT 1
- Tags isn't exported with Export .md or HTML HOT 1
- Ctrl+Shift+E to open/close tag page isn't working HOT 2
- `standard.lintFiles()` doesn't use `process.cwd()` HOT 5
- RFC: eslint-config-standard-with-typescript to depart from standard HOT 19
- Rule suggestion: no-constant-binary-expression
- Linting in precommit hooks says File not found
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from standard.