homebrew/npm does not use package-lock/shrinkwrap


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Developer Tools

      Currently, our homebrew publishing step runs `npm install` in the cli-repl package without a package-lock.json (or npm-shrinkwrap.json, which is the equivalent of package-lock intended to be used for CLI packages):

      https://github.com/Homebrew/homebrew-core/blob/bccf5505eadeebe4195577c65b7b74564d23196b/Formula/m/mongosh.rb#L23

      This means that actual packages installed on disk may not match what we've tested mongosh with. For example, this has been a contributing factor in HELP-79517, where a customer ran into an issue with a patch in a mongosh dependency that we hadn't updated yet in the latest mongosh release.

      The simplest way to fix this would probably be to add an npm-shrinkwrap.json file to mongosh's @mongosh/cli-repl package as well as the mongosh package itself, or maybe even to add the shrinkwrap to only the mongosh package and change the homebrew process to consume that package instead.

            Assignee:
            Unassigned
            Reporter:
            Anna Henningsen
            Votes:
            0
            Watchers:
            3
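A way to detect the drift described in this issue, as an added example that is not code from mongosh or the Homebrew formula: it compares an `npm-shrinkwrap.json` or `package-lock.json` (lockfileVersion 2 or 3 assumed) against the versions actually present under `node_modules`. The function names and the `sample-cli`, `dep-a` and `dep-b` packages are constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Compare an npm lockfile against the packages actually installed under root.
// npm gives npm-shrinkwrap.json precedence over package-lock.json.
function findLockDrift(root) {
  const lockName = ['npm-shrinkwrap.json', 'package-lock.json']
    .find((name) => fs.existsSync(path.join(root, name)));
  if (!lockName) return { lockfile: null, drift: [] }; // nothing pins the tree
  const lock = JSON.parse(fs.readFileSync(path.join(root, lockName), 'utf8'));
  const drift = [];
  for (const [loc, entry] of Object.entries(lock.packages || {})) {
    if (loc === '' || entry.link) continue; // root project or symlinked workspace
    const manifest = path.join(root, loc, 'package.json');
    let installed = null;
    if (fs.existsSync(manifest)) {
      installed = JSON.parse(fs.readFileSync(manifest, 'utf8')).version;
    } else if (entry.optional || entry.dev) {
      continue; // simplification: treat these as legitimately absent
    }
    if (installed !== entry.version) {
      drift.push({ location: loc, locked: entry.version, installed });
    }
  }
  return { lockfile: lockName, drift };
}

// Constructed fixture: the lock pins dep-b at 2.3.0, but the tree on disk
// holds 2.3.1, as an `npm install` without a lockfile could produce.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'lockdrift-'));
  const write = (rel, obj) => {
    const file = path.join(root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify(obj));
  };
  write('npm-shrinkwrap.json', { lockfileVersion: 3, packages: {
    '': { name: 'sample-cli', version: '0.0.1' },
    'node_modules/dep-a': { version: '1.0.0' },
    'node_modules/dep-b': { version: '2.3.0' },
  } });
  write('node_modules/dep-a/package.json', { name: 'dep-a', version: '1.0.0' });
  write('node_modules/dep-b/package.json', { name: 'dep-b', version: '2.3.1' });
  return root;
}

console.log(findLockDrift(buildSampleTree()));
```

A result with `lockfile: null` means the install was not pinned at all, which is the situation this issue describes for the Homebrew build.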