When running npm install -g @hyperplay/cli, the package-lock.json file is not installed. This means only the semver in the package.json is used to resolve dependencies.
This was a source of bugs when running locally and in CI with 2.9.5 valist/sdk in the package-lock.json was being used, but when installed globally, the ^2.9.5 valist/sdk version from the package.json was being used. Thus 2.9.6 was being installed and breaking the publish command even though all the tests were passing.
We should figure out a way to ship the package-lock.json (files array in package.json did not work) or ignore the package-lock.json in the CI for running the tests. This way we can test with the same dependency packages that are being used in production and prevent this class of bugs.
When running
npm install -g @hyperplay/cli, the package-lock.json file is not installed. This means only the semver in the package.json is used to resolve dependencies.This was a source of bugs when running locally and in CI with 2.9.5 valist/sdk in the package-lock.json was being used, but when installed globally, the ^2.9.5 valist/sdk version from the package.json was being used. Thus 2.9.6 was being installed and breaking the publish command even though all the tests were passing.
We should figure out a way to ship the package-lock.json (files array in package.json did not work) or ignore the package-lock.json in the CI for running the tests. This way we can test with the same dependency packages that are being used in production and prevent this class of bugs.