frontend: lock npm dependencies via package-lock.json
Follow-up to 9e558c3. Runs `npm install` with the new nodejs_22 + npm
toolchain that just landed in iris's container (approval dfae406),
which generates the lockfile + node_modules tree. Only the lockfile
is checked in; node_modules/ stays in .gitignore.
Pinned versions (resolved by npm from the package.json constraints):
- chart.js 4.4.4 (replaces the jsDelivr CDN script on stats.html)
- marked 4.3.0 (replaces hive-fr0nt/assets/marked.umd.js)
- esbuild 0.25.5 (bumped from 0.24.0 to clear an audit warning
about the dev-server CSRF advisory; bundling
behaviour is unaffected)
Validated locally:
npm install — 0 vulnerabilities reported
npm run build — both workspace builds succeed
dashboard: dist/{app.js (149kb), dashboard.css (33kb), index.html}
agent: dist/{app.js (114kb), stats.js (435kb), agent.css (16kb),
index.html, stats.html, screen.html}
Stripped-comment diff of dist/dashboard.css vs the runtime concat
(BASE_CSS + TERMINAL_CSS + assets/dashboard.css) shows only
whitespace + comment-strip differences — selectors/properties match.
Hermetic-build wiring (the Nix `buildNpmPackage` derivation that
consumes this lockfile) lands in Phase 2 on a follow-up commit.
Refs #273.
This commit is contained in:
iris
Mara
parent
8bebd78895
commit
9c7d4df08c
2 changed files with 550 additions and 1 deletions
|
|
@ -13,6 +13,6 @@
|
|||
"clean": "rm -rf packages/*/dist"
|
||||
},
|
||||
"devDependencies": {
|
||||
"esbuild": "0.24.0"
|
||||
"esbuild": "0.25.5"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue