chore: generate lockfile for audit, install speed

Author: wkillerud

.github/workflows/release.yml

@@ -1,42 +1,39 @@
 name: Release on main
 
 permissions:
-    contents: write # to be able to publish a GitHub release
-    issues: write # to be able to comment on released issues
-    pull-requests: write # to be able to comment on released pull requests
-    id-token: write # to enable use of OIDC for npm provenance
+  contents: write # to be able to publish a GitHub release
+  issues: write # to be able to comment on released issues
+  pull-requests: write # to be able to comment on released pull requests
+  id-token: write # to enable use of OIDC for npm provenance
 
 on:
-    push:
-        branches:
-            - main
+  push:
+    branches:
+      - main
 
 # Cancel previous workflows which might still be running
 concurrency:
-    group: ${{ github.workflow }}-${{ github.ref }}
-    cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-    release:
-        name: Release
-        runs-on: ubuntu-latest
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
-
-            - name: Install Node.js
-              uses: actions/setup-node@v4
-              with:
-                  node-version: 20
-
-            - name: Install dependencies
-              run: npm install
-
-            - name: Run all tests
-              run: npm test
-
-            - name: Release and publish
-              run: npx semantic-release
-              env:
-                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - run: npm ci
+
+      - run: npm test
+
+      - run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/test.yml

@@ -20,11 +20,8 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
-      - name: Install dependencies
-        run: npm install
+      - run: npm ci
 
-      - name: Lint
-        run: npm run lint
+      - run: npm run lint
 
-      - name: Run tests
-        run: npm test
+      - run: npm test

.gitignore

@@ -8,6 +8,5 @@ tmp/**/*
 *.log
 coverage
 .vscode
-package-lock.json
 .nyc_output
 .tap/

.npmrc

@@ -1,2 +1,18 @@
-package-lock=false
+; Don't download optionalDependencies and peerDependencies.
+; Conflicting peerDependencies is a source of issues with npm install.
+; This setting forces us to be explicit about listing dependencies.
+omit=optional
+omit=peer
+
+registry=https://registry.npmjs.org
+
+; Prefer specifying dependency versions explicitly. Renovate will open
+; pull requests that handle most dependency updates for you.
 save-exact=true
+
+; Treat conflicting peerDependencies as a failure,
+; even if npm can reasonably guess an appropriate resolution.
+strict-peer-deps=true
+
+; Renovate will update packageManager for us.
+update-notifier=false