Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove requirement for package lock file #247

Closed
jkowalleck opened this issue Oct 23, 2022 · 1 comment · Fixed by #248
Closed

remove requirement for package lock file #247

jkowalleck opened this issue Oct 23, 2022 · 1 comment · Fixed by #248
Assignees
@jkowalleck
Labels
enhancement New feature or request

Comments

@jkowalleck
Copy link
Member

jkowalleck commented Oct 23, 2022
edited
Loading

caused by #232

Is your feature request related to a problem? Please describe.

current implementation tells users to have a package lock file.
internally it is not really needed. instead, npm ls is utilized.

and sometimes it is just not there - see https://docs.npmjs.com/cli/v9/using-npm/config#package-lock

Describe the solution you'd like

remove the demand for a package lock file.

Additional context

see npm config for the topic: https://docs.npmjs.com/cli/v9/using-npm/config#package-lock
@jkowalleck jkowalleck added the enhancement New feature or request label Oct 23, 2022
@jkowalleck
Copy link
Member Author

originally the pinning on the lockfile was enforced for forward-compatibility,
in case in the future the lockfile needed to be read manually.

this is no longer planned, nor foreseen. therefore, the lock-file requirement can be dropped.

@jkowalleck jkowalleck self-assigned this Oct 23, 2022
@jkowalleck jkowalleck mentioned this issue Oct 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jkowalleck jkowalleck

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: make lockfile optional CycloneDX/cyclonedx-node-npm
1 participant
@jkowalleck