fix: always re-create package-lock.json #43
Conversation
Signed-off-by: Ruben Romero Montes <[email protected]>
There was a problem hiding this comment.
This might break the unitests , but it's crucial to the process of updating the package.json and gets the new data of the new added dependencies, which is more important.
the problem with UT, is that recalculating package.json' package-lock.json everytime might change the versions of the transitive fetched dependencies over time, thus it might break the tests as the expected sboms will be different from the actual ones ( this was the reason why there is package-lock.json file in each test' directory of npm) - hence will need to change the expected sbom everytime it's changing, or to mock the call for npm, which will save us from doing this tedious task.
Hence in order to overcome the above tests' problem, i have no choice but to mock the calls to npm ( npm i and npm ls), thing that anyway i planned to do sooner or later for unitests - now i have 3 reasons to do so - performance and reducing run time for UT, saving time from changing expected sboms everytime it changes , and third and last, which is the first motivation to do so, is that UT should be concerned only with logic of the library' code alone, and not with testing how the code integrates with the package manager cli tool ( in this case - npm) , this should be left to be tested in component tests/integration tests.
Will do so either on first opportunity or on first failure of UT that caused by that, whichever comes first.
Anyway, lgtm and approved
Description
Always re-create the package-lock.json because after the user updates the package.json file, the extension will run another analysis and it will fail because the package-lock.json is not synchronized.
Related issue (if any): fixes #issue_number_goes_here
Checklist