fix(ci): unbreak CI by syncing lockfile, dropping Node 18, declaring …#77
Open
nishant-uxs wants to merge 1 commit into
Open
fix(ci): unbreak CI by syncing lockfile, dropping Node 18, declaring …#77nishant-uxs wants to merge 1 commit into
nishant-uxs wants to merge 1 commit into
Conversation
…engines
Problem
-------
Every PR's Tests workflow (and Coverage workflow) currently fails at the
'Install dependencies' step with:
npm error code EUSAGE
npm error 'npm ci' can only install packages when your package.json
and package-lock.json or npm-shrinkwrap.json are in sync.
npm error Missing: zod@3.25.76 from lock file
Root cause
----------
1. package.json declares 'zod ^4.3.6' but package-lock.json was last
updated when the resolved tree contained zod@3.25.76, leaving the two
files out of sync. 'npm ci' is strict and refuses to install in this
state, so every PR build fails before tests can even run.
2. The Tests matrix includes 'node 18.x', but several transitive deps
(e.g. via @stellar/stellar-sdk and @langchain/core) require
'^20.0.0 || ^22.0.0 || >24.0.0' and emit EBADENGINE warnings on 18.
The repo also has no 'engines' field, so npm cannot guard against
accidentally running on an unsupported Node version.
Fix
---
* package-lock.json: regenerated from package.json so 'npm ci' succeeds
* .github/workflows/test.yml:
- drop 18.x from the matrix, add 22.x (current LTS)
- 'fail-fast: false' so a flake in one Node version doesn't cancel the
other (Cancelled jobs were appearing in attempt-2 reruns)
- 'npm ci --no-audit --no-fund' for cleaner logs
* .github/workflows/coverage.yml:
- same 'npm ci --no-audit --no-fund'
- upload the generated coverage report as a build artifact so
contributors can inspect coverage without running locally
* package.json: declare 'engines.node: >=20.0.0' so the supported
runtime is explicit and 'npm install' warns on older Node
Verification
------------
* Removed node_modules + ran 'npm ci' clean: 482 packages installed, no errors
* 'npm test': 59/59 tests pass
* 'npm run build': tsc + postbuild succeed
This change is intentionally scoped to CI/build hygiene only \u2014 no source
or test files are modified.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This blocks every contributor — no PR can show green CI until this is fixed.
Root cause
zod ^4.3.6but package-lock.json was lastupdated when the resolved tree contained
zod@3.25.76.npm ciisstrict and refuses to install when they're out of sync.
node 18.x, but transitive deps (via@stellar/stellar-sdkand@langchain/core) require^20 || ^22 || >24and emit
EBADENGINEwarnings. There's noenginesfield guardingagainst this.
Fix
npm cisucceeds.18.x, add22.x; setfail-fast: false; switch tonpm ci --no-audit --no-fundfor cleaner logs.coverage/as a build artifact so reviewers can inspect coverage without running locally.
"engines": { "node": ">=20.0.0" }.Verification
Locally on Node 20 with a clean
node_modules:npm ci --no-audit --no-fundnpm testnpm run buildScope
This PR is intentionally scoped to CI/build hygiene only — no source,
test, or behavior changes.