feat: verify package-lock.json is UTD (up to date) & audited #4598


Merged: 43 commits from feat-verify-package-lock-utd into main, Aug 14, 2025

Conversation

mfranzke (Collaborator) commented Jul 22, 2025

Proposed changes

From time to time we experience out-of-date package-lock.json files. To prevent those from resulting from our local development (as they are unlikely to be based on dependabot updates), we should enforce that they are quickly checked in the git push lifecycle phase.
Additionally, running npm audit fix would ensure that some of the easy dependency fixes get applied directly.

Types of changes

  • Bugfix (non-breaking change that fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (improvements to existing components or architectural decisions)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)

@mfranzke mfranzke self-assigned this Jul 22, 2025
@mfranzke mfranzke requested a review from nmerget as a code owner July 22, 2025 07:25
@mfranzke mfranzke added the 🍄🆙improvement New feature or request label Jul 22, 2025
@mfranzke mfranzke moved this to 👀 In review in UX Engineering Team Backlog Jul 22, 2025
@mfranzke mfranzke removed their assignment Jul 22, 2025
@mfranzke mfranzke enabled auto-merge (squash) July 22, 2025 07:45
@mfranzke mfranzke moved this from 👀 In review to 🏗 In development in UX Engineering Team Backlog Jul 28, 2025
@mfranzke mfranzke marked this pull request as draft July 28, 2025 04:49
auto-merge was automatically disabled July 28, 2025 04:49

Pull request was converted to draft

@mfranzke mfranzke moved this from 🏗 In development to 👀 In review in UX Engineering Team Backlog Aug 1, 2025
@mfranzke mfranzke marked this pull request as ready for review August 1, 2025 20:48
@mfranzke mfranzke enabled auto-merge (squash) August 1, 2025 20:49
@mfranzke mfranzke requested a review from Copilot August 2, 2025 01:31
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR adds verification to ensure package-lock.json files are up-to-date before pushing changes to prevent out-of-date lock files from being committed. The implementation adds both pre-push and pre-commit hooks to detect and handle package manager file changes.

  • Adds a pre-push hook that detects changes to package manager files and automatically runs install commands to verify lock files are current
  • Adds a lint-staged rule to run npm audit fix on package-lock.json changes during pre-commit
  • Supports both npm and pnpm package managers with automatic detection based on lock file presence

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File                     | Description
.husky/pre-push          | New pre-push hook script that detects package manager files and runs install commands to verify lock files are up-to-date
.config/.lintstagedrc.js | Adds npm audit fix rule for package-lock.json files during pre-commit

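The pre-push check the review above describes (detect the package manager from the lock file that is present, refresh the lock file, fail the push if it changed), written out as an added shell example. This is not the project's own .husky/pre-push; it is an illustration with two hypothetical assumptions: husky runs the hook from the repository root, and origin/main is the upstream to diff against. The refresh deliberately uses --package-lock-only / --lockfile-only together with --ignore-scripts so that verifying a lock file on every developer's machine never writes node_modules or executes dependency install scripts.

```shell
#!/bin/sh
# Added example, not the project's hook: a pre-push check that regenerates the
# lock file without installing anything and refuses the push if the regenerated
# file differs from the committed one (i.e. the committed lock file was stale).
# Assumptions (hypothetical): the hook runs from the repository root and the
# upstream branch to compare against is origin/main.

# Print "pnpm", "npm" or "none" depending on which lock file exists in $1.
detect_pm() {
  if [ -f "$1/pnpm-lock.yaml" ]; then
    echo pnpm
  elif [ -f "$1/package-lock.json" ]; then
    echo npm
  else
    echo none
  fi
}

# Exit 0 if any path read from stdin is a package manager file (package.json,
# package-lock.json, pnpm-lock.yaml or .npmrc) at any depth, else exit 1.
touches_pm_files() {
  grep -Eq '(^|/)(package\.json|package-lock\.json|pnpm-lock\.yaml|\.npmrc)$'
}

# Print the command that refreshes the lock file for the given manager without
# writing node_modules and without running dependency lifecycle scripts.
lock_refresh_cmd() {
  case "$1" in
    npm)  echo "npm install --package-lock-only --ignore-scripts --no-audit --no-fund" ;;
    pnpm) echo "pnpm install --lockfile-only --ignore-scripts" ;;
    *)    return 1 ;;
  esac
}

run_hook() {
  pm=$(detect_pm .)
  if [ "$pm" = none ]; then
    echo "pre-push: no lock file found, skipping lock file check"
    return 0
  fi

  # Only do the work when a manifest or lock file changed relative to upstream
  # (origin/main is an assumption of this example).
  if ! git diff --name-only "origin/main...HEAD" | touches_pm_files; then
    return 0
  fi

  sh -c "$(lock_refresh_cmd "$pm")" || return 1

  # A regenerated lock file that differs from HEAD means the committed one was
  # out of date: fail the push so the developer commits the refreshed file.
  if ! git diff --quiet -- package-lock.json pnpm-lock.yaml; then
    echo "pre-push: lock file is out of date; commit the refreshed lock file" >&2
    git --no-pager diff --stat -- package-lock.json pnpm-lock.yaml >&2
    return 1
  fi
}

# Husky executes this file as .husky/pre-push. When it is sourced or run under
# another name (e.g. for testing the helpers) only the functions are defined.
case "${0##*/}" in
  pre-push) run_hook ;;
esac
```

Two practitioner notes on this shape. First, a plain `npm install` in a hook would run every dependency's preinstall/postinstall script on the pushing developer's machine, which turns a consistency check into an arbitrary-code-execution point for a compromised package; `--ignore-scripts` with a lock-only refresh keeps the check read-only with respect to the filesystem. Second, the lint-staged `npm audit fix` rule the review mentions rewrites package-lock.json at commit time and needs network access to the registry, so it is worth pairing it with exactly this kind of push-time verification: an audit fix that bumps versions produces a new lock file, and the pre-push check confirms the committed file is the one the refresh reproduces.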
@mfranzke mfranzke changed the title feat: verify package-lock.json UTD (up to date) feat: verify package-lock.json UTD (up to date) & audited Aug 4, 2025
@mfranzke mfranzke changed the title feat: verify package-lock.json UTD (up to date) & audited feat: verify package-lock.json is UTD (up to date) & audited Aug 13, 2025
@mfranzke mfranzke merged commit 56ee510 into main Aug 14, 2025
54 checks passed
@mfranzke mfranzke deleted the feat-verify-package-lock-utd branch August 14, 2025 08:59
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in UX Engineering Team Backlog Aug 14, 2025
Labels
  • 🍒 cherryPick: Code that we should adapt from one repository to another.
  • 🛠️configuration
  • 🍄🆙improvement: New feature or request
Projects
Status: ✅ Done
3 participants