installDeps.sh: create a package-lock.json on startup. Track it in the repo.
This change reverts c4918efc1b
, and basically negates what was done for #3396,
but aligns better with current practices in the nodejs ecosystem.
Pragmatically speaking, this will allow users, if they want, to use
npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions)
to manually fix security vulnerabilities.
We had a problem for that (see #3598), and - given the fragmented nature of
the nodejs ecosystem - it is reasonable to expect more issues like that one,
so it's better to be prepared.
Closes #3659.
pull/3885/head
parent
84479851fe
commit
9ee131ca1f
|
@ -100,7 +100,7 @@ echo "Ensure that all dependencies are up to date... If this is the first time
|
||||||
cd node_modules
|
cd node_modules
|
||||||
[ -e ep_etherpad-lite ] || ln -s ../src ep_etherpad-lite
|
[ -e ep_etherpad-lite ] || ln -s ../src ep_etherpad-lite
|
||||||
cd ep_etherpad-lite
|
cd ep_etherpad-lite
|
||||||
npm install --no-save --loglevel warn
|
npm install --save --loglevel warn
|
||||||
) || {
|
) || {
|
||||||
rm -rf src/node_modules
|
rm -rf src/node_modules
|
||||||
exit 1
|
exit 1
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue