feat(package-manager)!: Use npm instead of yarn#3500
Conversation
… grouped with the others
There was a problem hiding this comment.
This action only runs when code lands on main. Additionally, it's been broken for some time. There's an open issue for that here: #3324
Just for visibility, I won't invest any effort in making it work or triaging a failure in that pipeline after this PR until picking that issues up.
| "@eslint/compat": "^2.0.0", | ||
| "@eslint/eslintrc": "^3.3.0", | ||
| "@eslint/js": "^10.0.1", | ||
| "@eslint/js": "^9.24.0", |
There was a problem hiding this comment.
Dependapot previously bumped @eslint/js on its own causing a peer dependency violation.
Yarn treats those as warnings, so we didn't notice it. npm is more strict.
In this PR, we drop the version back and update the dependabot config to include this dependency in the eslint group to make sure that they all get bumped together as intended.
There was a problem hiding this comment.
Excuse the diff. Did a prettier format of this file.
There was a problem hiding this comment.
Actual changes for linting dangerfile can be found at the bottom
Summary
I recommend starting with the ADR (on this branch)
I know this looks scary:

The overwhelming majority of that is
yarn.lockbeing deleted andpackage-lock.jsonbeing added.Related Issues or PRs
closes: #3156
How To Test
One of the ways I tested was comparing the output of
yarn packandnpm packwhich helped identify the slight difference in the tarball naming, and the need to manually includeCHANGELOG.mdin the package output to maintain parity.Screenshots (optional)
Author & Maintainer checklist
npmran into issues because of a side effect of us usingyarn, it was this library's problem. Going forward, it will be the other way around (but also hopefully be better for consumers of the library on average)