Skip to content

fix: normalize package-lock.json to npm 11.10.0 output for publish audit#339

Merged
ChiragAgg5k merged 1 commit into
masterfrom
fix-npm-lock-audit
Jul 10, 2026
Merged

fix: normalize package-lock.json to npm 11.10.0 output for publish audit#339
ChiragAgg5k merged 1 commit into
masterfrom
fix-npm-lock-audit

Conversation

@ChiragAgg5k

Copy link
Copy Markdown
Member

The 22.6.1 publish run failed at the Audit npm dependencies step: the committed package-lock.json came from the sdk-generator template (generated with npm 11.16.0, which writes libc fields and an overrides block in packages[""]), but the workflow pins npm 11.10.0, whose npm install --package-lock-only rewrite drops those fields — so git diff --exit-code package-lock.json fails.

This commits the npm 11.10.0-normalized lock, which is verified to be a fixed point of the audit's rewrite (a second --package-lock-only run produces zero diff). npm ci && npm run build verified working with the normalized lock.

Follow-up needed in appwrite/sdk-generator: regenerate package-lock.json.twig with npm 11.10.0 (or align the workflow pin and update-lockfiles.sh on one npm version), otherwise the next SDK regeneration reintroduces the drift.

@ChiragAgg5k ChiragAgg5k merged commit 9e83cd1 into master Jul 10, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants