Describe the feature or problem you’d like to solve
The first release of erborist is out.
Its goal is to generate package-lock.json files...
without Node.js
without using npm
ensuring to never actually download/install anything (no node_modules/)
targeting a specific lock file version disregarding the npm version the user may have or not
even if the package.json scripts are broken
It frees our users from the need of having npm installed. What's more, it frees the analysis from requiring a package.json well-formed in all of its parts (for example, erborist creates the dependencies tree even from a package.json with broken scripts).
It's generally a better alternative than running npm (with --ignore-scripts or not) on the users' machines.
Proposed solution
The lstn CLI should use erborist when available for the OS/arch pair.
In case we do not have an erborist binary for the OS/arch pair we have 2 options:
notify the user, and exit
fall back to the existing mechanism (executing npm).
Additional context
Following up from #102.
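A sketch of the selection logic proposed above, covering both options for unsupported platforms. This is an added example, not code from lstn or erborist: the target list, `ChooseResolver`, `Plan` and the `hasBinary` probe are assumptions, and no erborist flags are set because the issue does not list any.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
)

// Constructed list: which OS/arch pairs ship an erborist binary is an assumption.
var erboristTargets = map[string]bool{
	"linux/amd64":  true,
	"linux/arm64":  true,
	"darwin/arm64": true,
}

var ErrNoResolver = errors.New("no usable resolver: erborist unavailable and npm fallback disabled or missing")

// Plan is the command the CLI would run to obtain a package-lock.json.
type Plan struct {
	Resolver string   // "erborist" or "npm"
	Argv     []string // command line to execute
}

// ChooseResolver prefers erborist when the platform is covered and the binary is present.
// With allowNpm=false an uncovered platform is an error (option 1: notify and exit).
// With allowNpm=true it falls back to npm (option 2), limited to writing the lock file
// with lifecycle scripts disabled, so package.json scripts are never executed.
// hasBinary reports whether a binary can be found (exec.LookPath in real use).
func ChooseResolver(goos, goarch string, allowNpm bool, hasBinary func(string) bool) (Plan, error) {
	if erboristTargets[goos+"/"+goarch] && hasBinary("erborist") {
		return Plan{Resolver: "erborist", Argv: []string{"erborist"}}, nil
	}
	if allowNpm && hasBinary("npm") {
		return Plan{Resolver: "npm", Argv: []string{
			"npm", "install", "--package-lock-only", "--ignore-scripts"}}, nil
	}
	return Plan{}, fmt.Errorf("%s/%s: %w", goos, goarch, ErrNoResolver)
}

func main() {
	all := func(string) bool { return true } // constructed probe: every binary is present
	plan, err := ChooseResolver(runtime.GOOS, runtime.GOARCH, false, all)
	fmt.Println(plan, err)
}
```

Making the npm fallback an explicit opt-in keeps the default fail-closed: a machine without an erborist binary gets an error rather than a silent switch to running npm.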