Check in lockfile and use npm consistently #1340
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR standardizes the project's package management by migrating from Yarn to npm across all environments. The changes include:
- Package management migration: Updates
package.jsonto usenpm run buildinstead ofyarn run buildin the prepublishOnly script - Lockfile strategy change: Removes
package-lock.jsonfrom.gitignoreand addsyarn.lockto it, ensuring npm's lockfile is tracked in version control for consistent dependency resolution - Build script updates: Modifies
bin/restore-or-installto use npm commands (npm installandnpm ci) instead of yarn, while maintaining the same caching logic based onpackage-lock.jsonchecksum - Documentation alignment: Updates installation instructions in
README.mdfromyarn add @workos-inc/nodetonpm i @workos-inc/node
The migration addresses environment consistency since the CI pipeline already uses npm. By checking in the lockfile, the project ensures deterministic dependency resolution across development, CI, and production environments. This eliminates potential "works on my machine" issues caused by different package managers resolving dependencies differently. The changes maintain existing functionality while standardizing the toolchain.
Confidence score: 4/5
- This PR is generally safe to merge with proper coordination across the development team
- Score reflects solid technical changes but requires team coordination to ensure all developers switch from yarn to npm
- Pay close attention to the
bin/restore-or-installscript logic withnpm ciusage
4 files reviewed, 1 comment
| cache store $KEY ./node_modules | ||
| fi | ||
|
|
||
| if [[ ! `ls -d ./node_modules/.bin 2>/dev/null` ]]; then | ||
| yarn install --check-files | ||
| npm ci |
There was a problem hiding this comment.
logic: Using npm ci here may cause issues since it removes existing node_modules before installing. If the first condition already installed dependencies, this will unnecessarily reinstall everything. Consider using npm install or checking if this condition is actually needed.
| npm ci | |
| npm install |
Description
We should be checking in the lockfile to ensure dependencies are consistent across environments. Since we use npm in CI it seems to make sense that we use it on the development side as well.
Documentation
Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.
If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.