This repository has been archived by the owner on Nov 18, 2023. It is now read-only.

NPM update with only package lock changes #39

Open
Primajin opened this issue Sep 9, 2021 · 4 comments
Labels
bug Something isn't working

Comments

Primajin commented Sep 9, 2021

Describe the bug
Hey there, the new action with NPM 7 works pretty great, though I just got a funky PR that only has package.lock changes. I wonder if in that case the update should be ignored. Also, I had pruned and deduped my lock file, so it seems there are a lot of unnecessary new lines added: https://github.com/Primajin/eyesbound/pull/61/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519R22982

To Reproduce
Steps to reproduce the behavior:

  1. Create a package-lock with npm i
  2. run npm dedupe and npm prune to make it smaller
  3. run the action

Expected behavior
If there are only changes to the lock file but none to the package.json I guess we could ignore the PR since it's not really updating something, or is it?

Link to workflows
https://github.com/Primajin/eyesbound/runs/3553773888?check_suite_focus=true

@Primajin Primajin added the bug Something isn't working label Sep 9, 2021
Owner

tjololo commented Sep 9, 2021

Thanks for reporting the bug 🐛
I will look into it when I get the chance.

Owner

tjololo commented Sep 16, 2021

I have finally found some time to look into this.
As to the case where there are only changes to package-lock.json, there are cases where that is possible and desirable.
Given a dependency defined as follows in package.json:

{
...
  "dependencies": {
    "my-dep": "1.2"
  }
...
}

This is one way of describing to npm that you want the latest available patch version. In those cases there are only updates in package-lock.json.

For the dedupe/prune case, I think the npm update --package-lock-only command this action runs reverts the effects of the dedupe/prune commands.
I can create a new version where you have the possibility to have npm dedupe and/or npm prune run after npm update --package-lock-only.
Does this seem like a solution to you @Primajin ?

Author

Primajin commented Sep 16, 2021

That does sound cool - but please don't get into too much hassle on my account 😅. I am also fine to just merge and run a dedupe/prune every now and then locally on my machine. No worries! 👍🏻

Owner

tjololo commented Sep 16, 2021

As a way to avoid the PR if there are no actual version updates you can use the output from the action that was introduced in version 1.2.0 to only run the PR step if there are any updates. You would then only need to run dedupe/prune once there are actual updates :)
Example on line 62 here: https://github.com/tjololo/npm-package-update-sync/blob/main/.github/workflows/integration-deps-test.yaml#L62
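
The distinction discussed in this thread, as an added example that is not part of the original comments or the action's code: it compares two lockfiles in the lockfileVersion 2 layout that npm 7 writes and separates real version bumps (such as a "1.2" range resolving to a newer patch) from re-added duplicate copies of the kind npm dedupe removes. The function names, package names and integrity strings are constructed for illustration.

```javascript
// Added example, not code from the action. Inputs follow the lockfileVersion 2
// layout: a "packages" map keyed by install path with "version" and "integrity".
const name = (p) => p.split('node_modules/').pop();

function lockChanges(oldLock, newLock) {
  const before = oldLock.packages || {};
  const after = newLock.packages || {};
  const changes = [];
  for (const path of new Set([...Object.keys(before), ...Object.keys(after)])) {
    if (path === '') continue; // root project entry, mirrors package.json
    const a = before[path];
    const b = after[path];
    if (!a) {
      // A new path whose name and version already existed is only a nested copy.
      const dup = Object.keys(before).some(
        (p) => name(p) === name(path) && before[p].version === b.version);
      changes.push({ path, kind: dup ? 'duplicate' : 'added', to: b.version });
    } else if (!b) {
      changes.push({ path, kind: 'removed', from: a.version });
    } else if (a.version !== b.version) {
      changes.push({ path, kind: 'version', from: a.version, to: b.version });
    } else if (a.integrity !== b.integrity) {
      // Same version but a different content hash deserves a manual look.
      changes.push({ path, kind: 'integrity', from: a.integrity, to: b.integrity });
    }
  }
  return changes.sort((x, y) => x.path.localeCompare(y.path));
}

// Constructed sample data (names and hashes are placeholders).
const oldLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'app', dependencies: { 'my-dep': '1.2' } },
    'node_modules/my-dep': { version: '1.2.0', integrity: 'sha512-AAAA' },
    'node_modules/helper': { version: '3.0.1', integrity: 'sha512-BBBB' },
  },
};
const newLock = {
  ...oldLock,
  packages: {
    ...oldLock.packages,
    'node_modules/my-dep': { version: '1.2.3', integrity: 'sha512-CCCC' },
    'node_modules/my-dep/node_modules/helper': { version: '3.0.1', integrity: 'sha512-BBBB' },
  },
};
const sample = lockChanges(oldLock, newLock);
console.log(sample);
```

A diff that yields only `duplicate` entries changes the lock file's size but not which package versions get installed; `version`, `added` and `integrity` entries are the ones to review before merging.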
