feat(install): very strict global npm engines #3731
Conversation
|
Can it assume that if npm lacks an engines field, it’s not compatible? That would only prevent installing npm < 6, and non-latest npm 6, right? |
|
npm-install-check fails open if there is no engines field. Versions of npm without an engines entry will not fail. https://github.com/npm/npm-install-checks/blob/master/index.js#L8-L12 |
|
In general that’s obviously the right semantic - but this is a special case for npm itself. Why would we want to allow older npms to be installed by npm 7.next+? |
I'm erring on the side of only taking action if we have the info to take that action. |
|
Right, but this only applies to npm - and you have the info that any npm without an engines field is obsolete. Why allow it to be installed? |
|
It's more effort than it's worth. Right now we are letting the |
darcyclarke
added
Release 7.x
This will do an engines check when installing npm globally and fail if the new npm is known not to work in the current node version. It will not work for older npm versions because they don't have an engines field (it wasn't added till npm@6.14.0). It will at least prevent npm@7 from being installed in node@8. PR-URL: #3731 Credit: @wraithgar Close: #3731 Reviewed-by: @nlf
wraithgar
force-pushed
the
gar/npm-engines-check
branch
from
c837ab0
to
6c12500
Compare
This will do an engines check when installing npm globally and fail if
the new npm is known not to work in the current node version.
It will not work for older npm versions because they don't have an
engines field (it wasn't added till npm@6.14.0). It will at least
prevent npm@7 from being installed in node@8.
References
Closes #2612