Add NPM package-lock.json
#192
Conversation
The Yarn package lock file was removed in #187, but I didn't add the new NPM `package-lock.json`, but it is required. Re-add the 'relocate lockfile dir' logic. Enable reportNewPackageLock so KGP creates an error if the lockfile is missing (otherwise it generates a new one and doesn't complain, which obscures the fact that one is missing!)
aSemy
force-pushed
the
fix/kotlin-js-store
branch
from
2e834ec to
0969b8f
Compare
build.gradle.kts
Outdated
| @@ -89,3 +93,41 @@ dokkatoo { | |||
| } | |||
| } | |||
| } | |||
|
|
|||
| tasks.withType<LockCopyTask>().configureEach { | |||
There was a problem hiding this comment.
Wondering if we haven't reach the tipping point where we just pragmatically use the default yarn.
There was a problem hiding this comment.
Yeah, using Yarn is an option. I'd like to workaround it though. It's a pretty simple find-replace fix, and it's nice not to need an additional JS tool.
I think this might be a NPM problem npm/cli#6379 so it might be a while before KGP can fix it.
There was a problem hiding this comment.
Isn't npm/yarn something internal here, a transitive dependency of Kotlin, that manifests itself only in the lockfiles? Do we need to actually maintain the tools? I'm fine with npm just to get us unblocked, but why did the Kotlin team decide to use yarn as the default?
There was a problem hiding this comment.
Good question, I don't know why Kotlin/JS uses Yarn as a default. The K2 release notes imply that it will be removed as the default though.
I would speculate that Yarn was selected because it was better than NPM, but that was 7+ years ago, and NPM has since caught up.
I also think that the root cause of the problem is Gradle. It's supposed to be a language-agnostic build tool, so why can't Gradle download and verify NPM dependencies? Why do we need a lockfile for JS dependencies when Gradle already has its own lockfiles? It's because Gradle only supports Maven repos, provides no options for anyone to implement other package sources. If it did, then the experience would be much better.
I've had an idea rattling around about creating a Gradle plugin that would spawn a background daemon running both a NPM proxy server and a localhost webserver that would present the NPM dependencies as Maven Coordinates. The Gradle TypeScript plugin does something like this.
aSemy
force-pushed
the
fix/kotlin-js-store
branch
from
2462f99 to
ef581b1
Compare
|
Well... it looks like this workaround didn't work. There's a failure in #191 The diff view is very useful though! > Task :kotlinStorePackageLock FAILED
--- D:/a/snakeyaml-engine-kmp/snakeyaml-engine-kmp/build/js/package-lock.json
+++ D:/a/snakeyaml-engine-kmp/snakeyaml-engine-kmp/gradle/kotlin-js-store/package-lock.json
@@ -10,8 +10,8 @@
"workspaces": [
"packages/snakeyaml-engine-kmp",
"packages/snakeyaml-engine-kmp-test",
- "packages\\snakeyaml-engine-kmp-wasm-js",
- "packages\\snakeyaml-engine-kmp-wasm-js-test",
+ "packages/snakeyaml-engine-kmp-wasm-js",
+ "packages/snakeyaml-engine-kmp-wasm-js-test",
"packages_imported/kotlin-test-js-runner/0.0.1"
],
"devDependencies": {} |
|
@aSemy let's try with yarn then? |
The Yarn package lock file was removed in #187, but I didn't add the new NPM
package-lock.json, but it is required.