Hello! Jelle Licht writes: > Philip McGrath writes: > >> Add a new phase `#:delete-package-lock` to remove the >> problematic "package-lock.json". > > package-lock.json lists exact versions _and integrity hashes_; since it > seems unlikely that after node-build-system's finaggling we end up with > an identical hash, we will always have a mismatch and fetch 'proper' > sources online accordingly. As far as npm + package-lock.json are > concerned, we don't have them properly installed. > > From what I have seen package-lock.json offers us no benefits (because > we track exact dependency information via the guix store) and can (as > you have seen) prevent builds from working. My 2c: always remove it in a > phase in the build system. I’m inclined to agree with Jelle and Liliana. I can’t imagine a situation in which we would want the lock files. We could be wrong, but we can always adjust the build system later if something surprising happens (e.g., ‘#:keep-lock-file?’ or whatever). -- Tim