Skip to content

fix: lock file lag with validation and pre-commit note#519

Open
lee-chase wants to merge 5 commits intomainfrom
fixLockFileLag
Open

fix: lock file lag with validation and pre-commit note#519
lee-chase wants to merge 5 commits intomainfrom
fixLockFileLag

Conversation

@lee-chase
Copy link
Copy Markdown
Member

@lee-chase lee-chase commented Apr 8, 2026

The package.json seems to get updated often without the lock file. This should prevent that.

@lee-chase lee-chase requested a review from rodet as a code owner April 8, 2026 15:24
@bogy0
Copy link
Copy Markdown
Collaborator

bogy0 commented Apr 10, 2026
edited
Loading

As we discussed today governance meeting we should do the following:

  • in package.json we should set packageManager value to pin the npm version based on the .nvmrc file:
    • "packageManager": "npm@11.11.0",
  • Node version remains controlled via .nvmrc.
  • Team workflow, maybe we can create a CONTRIBUTING.md where we state this:
    • Run nvm install once to install the .nvmrc version if missing.
    • Run nvm use in the repo before running npm commands.
    • Use npm ci for normal local setup and CI.
    • Use npm install only when intentionally adding/updating dependencies.
    • If package.json changes, commit package-lock.json changes in the same PR.

@lee-chase
Copy link
Copy Markdown
Member Author

lee-chase commented Apr 10, 2026
edited
Loading

@rodet @bogy0

Made the change to package.json.

Added docs/CONTRIBUTING.md

NOTE: Carbon puts CONRIBUTING.md in the .github folder, but this feels a bit hidden to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bogy0 bogy0 bogy0 approved these changes

@rodet rodet Awaiting requested review from rodet rodet is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lee-chase @bogy0