From 182d1c7348b08947bad4e39b5aed9c53f7e7717a Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 21 Feb 2018 08:12:25 +0100
Subject: [PATCH] fix: don't use --package-lock-only for npm install (#1544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Revert "fix: disable reusing existing package-lock.json when upgrading (#1530)"

This reverts commit 2728e39963d020114c4ed10d5614944ba2d788cb.

* switch from --package-lock-only to --ignore-scripts

Removing `--package-lock-only` option from npm installs due to https://github.com/npm/npm/issues/19852

Pretty sure this fixes #1495
---
 lib/workers/branch/lerna.js            | 2 +-
 lib/workers/branch/lock-files.js       | 3 ---
 lib/workers/branch/npm.js              | 2 +-
 test/workers/branch/lock-files.spec.js | 8 ++++----
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/lib/workers/branch/lerna.js b/lib/workers/branch/lerna.js
index b4f85b864f..29ccfff9f6 100644
--- a/lib/workers/branch/lerna.js
+++ b/lib/workers/branch/lerna.js
@@ -23,7 +23,7 @@ async function generateLockFiles(manager, tmpDir, env) {
     logger.debug('Using lerna version ' + lernaVersion);
     const params =
       manager === 'npm'
-        ? '--package-lock-only'
+        ? '--ignore-scripts'
         : '--ignore-scripts --ignore-engines --ignore-platform --mutex network:31879';
     const cmd = `${manager} install ${params} && npx lerna@${lernaVersion} bootstrap -- ${params}`;
     logger.debug({ cmd });
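Review bot: In the command built on the line after this change, `${params}` sits after the `--` of `lerna bootstrap`, so `--ignore-scripts` is forwarded to the npm client but is not given to lerna itself. The npm branch now performs a real install in a checkout of a repository the tool does not control, and lerna bootstrap may still run the packages' own prepare/prepublish scripts (to be confirmed for the lerna versions supported). If the lerna version in use accepts the option, pass it to lerna as well, e.g. `npx lerna@${lernaVersion} bootstrap --ignore-scripts -- ${params}`. generateLockFiles starts and ends outside the hunk, so how `lernaVersion` is validated before it is interpolated into the shell string is not visible here.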
diff --git a/lib/workers/branch/lock-files.js b/lib/workers/branch/lock-files.js
index bbedb8ebc4..0572e50587 100644
--- a/lib/workers/branch/lock-files.js
+++ b/lib/workers/branch/lock-files.js
@@ -237,8 +237,6 @@ async function writeExistingFiles(config) {
         packageFile.yarnrc.replace('--install.pure-lockfile true', '')
       );
     }
-    /*
-    // TODO: restore this functionality when https://github.com/npm/npm/issues/19852 is fixed
     if (packageFile.packageLock && config.type !== 'lockFileMaintenance') {
       logger.debug(`Writing package-lock.json to ${basedir}`);
       const existingPackageLock =
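Review bot: The block restored here (its closing part is in the next hunk of this file) copies the repository's own package-lock.json into the working directory, and the install that follows is no longer lock-only. npm will then fetch tarballs from the `resolved` URLs that file lists and verify them against `integrity` values from the same file, so the lock file should be treated as untrusted input. Suggest a comment above the `if`, such as `// package-lock.json is repository-controlled: npm install fetches the URLs it lists`, and, where the deployment allows it, a check that the `resolved` hosts match the configured registry. writeExistingFiles continues outside both hunks.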
@@ -255,7 +253,6 @@ async function writeExistingFiles(config) {
       logger.debug(`Removing ${basedir}/package-lock.json`);
       await fs.remove(upath.join(basedir, 'package-lock.json'));
     }
-    */
     if (packageFile.yarnLock && config.type !== 'lockFileMaintenance') {
       logger.debug(`Writing yarn.lock to ${basedir}`);
       const yarnLock = await platform.getFile(packageFile.yarnLock);
diff --git a/lib/workers/branch/npm.js b/lib/workers/branch/npm.js
index 4ce710ca4a..5875fc31be 100644
--- a/lib/workers/branch/npm.js
+++ b/lib/workers/branch/npm.js
@@ -53,7 +53,7 @@ async function generateLockFile(tmpDir, env) {
       }
     }
     logger.debug(`Using npm: ${cmd}`);
-    cmd = `ls -l && ${cmd} --version && ${cmd} install --package-lock-only`;
+    cmd = `ls -l && ${cmd} --version && ${cmd} install --ignore-scripts`;
     // TODO: Switch to native util.promisify once using only node 8
     ({ stdout, stderr } = await exec(cmd, {
       cwd: tmpDir,
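Review bot: As far as this hunk shows, `--ignore-scripts` on the rebuilt `cmd` line is what keeps install scripts from running on the host now that the install is no longer lock-only, and nothing in the code says so. Add a comment above the line, e.g. `// keep --ignore-scripts: this is a full install of an untrusted repo's dependencies`. The only spec touched by this patch is lock-files.spec.js, so unless the npm spec already covers it, an assertion that the exec'd command contains `--ignore-scripts` would stop the flag being dropped in a later edit. generateLockFile starts and ends outside the hunk.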
diff --git a/test/workers/branch/lock-files.spec.js b/test/workers/branch/lock-files.spec.js
index c6541340c3..73b3ed149e 100644
--- a/test/workers/branch/lock-files.spec.js
+++ b/test/workers/branch/lock-files.spec.js
@@ -291,7 +291,7 @@ describe('workers/branch/lock-files', () => {
       ];
       await writeExistingFiles(config);
       expect(fs.outputFile.mock.calls).toHaveLength(6);
-      expect(fs.remove.mock.calls).toHaveLength(4);
+      expect(fs.remove.mock.calls).toHaveLength(6);
     });
     it('writes package.json of local lib', async () => {
       const renoPath = upath.join(__dirname, '../../../');
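Review bot: The updated expectations here and in the three following hunks of this file only bump bare call counts (`toHaveLength(6)`, `toHaveLength(5)`, `toHaveLength(3)`), which does not show which file the extra call touched. In the two later cases where `platform.getFile` is mocked to return `null`, the extra `fs.outputFile` call is presumably the restored package-lock.json write, which would mean a lock file is written with no content; that is worth confirming against writeExistingFiles. Asserting the path and content of the added call, e.g. `expect(fs.outputFile.mock.calls[n][0]).toMatch(/package-lock\.json$/)` with `n` the index of the added call, would pin the behaviour this commit restores.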
@@ -313,7 +313,7 @@ describe('workers/branch/lock-files', () => {
       ];
       platform.getFile.mockReturnValue('some lock file contents');
       await writeExistingFiles(config);
-      expect(fs.outputFile.mock.calls).toHaveLength(4);
+      expect(fs.outputFile.mock.calls).toHaveLength(5);
       expect(fs.remove.mock.calls).toHaveLength(1);
     });
     it('Try to write package.json of local lib, but file not found', async () => {
@@ -336,7 +336,7 @@ describe('workers/branch/lock-files', () => {
       ];
       platform.getFile.mockReturnValue(null);
       await writeExistingFiles(config);
-      expect(fs.outputFile.mock.calls).toHaveLength(2);
+      expect(fs.outputFile.mock.calls).toHaveLength(3);
       expect(fs.remove.mock.calls).toHaveLength(1);
     });
     it('detect malicious intent (error config in package.json) local lib is not in the repo', async () => {
@@ -359,7 +359,7 @@ describe('workers/branch/lock-files', () => {
       ];
       platform.getFile.mockReturnValue(null);
       await writeExistingFiles(config);
-      expect(fs.outputFile.mock.calls).toHaveLength(2);
+      expect(fs.outputFile.mock.calls).toHaveLength(3);
       expect(fs.remove.mock.calls).toHaveLength(1);
     });
   });
-- 
GitLab