installDeps.sh: create a package-lock.json on startup. Track it in the repo.

This change reverts c4918efc1b, and basically negates what was done for #3396,
but aligns better with current practices in the nodejs ecosystem.

Pragmatically speaking, this will allow users, if they want, to use
npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions)
to manually fix security vulnerabilities.
We had a problem for that (see #3598), and - given the fragmented nature of
the nodejs ecosystem - it is reasonable to expect more issues like that one,
so it's better to be prepared.

Closes #3659.
pull/3885/head
muxator 2019-10-31 19:20:28 +01:00
parent 84479851fe
commit 9ee131ca1f
2 changed files with 7240 additions and 1 deletions

View File

@ -100,7 +100,7 @@ echo "Ensure that all dependencies are up to date... If this is the first time
cd node_modules cd node_modules
[ -e ep_etherpad-lite ] || ln -s ../src ep_etherpad-lite [ -e ep_etherpad-lite ] || ln -s ../src ep_etherpad-lite
cd ep_etherpad-lite cd ep_etherpad-lite
npm install --no-save --loglevel warn npm install --save --loglevel warn
) || { ) || {
rm -rf src/node_modules rm -rf src/node_modules
exit 1 exit 1

7239
src/package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff