Switch to npm ci for reliable builds (#135)

commit: 7a3e90b7e26eb54a614a4d2b16d099c46b7ddaaf [log] [tgz]
author: kezhenxu94 <kezhenxu94@apache.org> Tue Sep 06 11:01:32 2022 +0800
committer: GitHub <noreply@github.com> Tue Sep 06 11:01:32 2022 +0800
tree: 2d5dfe14b9634c1a52c87a2e80d3688fd63072ee
parent: 7fca702e2eac3a619c0a7a412c2023bb451ee1ef [diff]
diff --git a/pkg/deps/npm.go b/pkg/deps/npm.go
index 129534e..63bc102 100644
--- a/pkg/deps/npm.go
+++ b/pkg/deps/npm.go

@@ -127,9 +127,11 @@
 	}
 }
 
-// InstallPkgs runs command 'npm install' to install node packages
+// InstallPkgs runs command 'npm ci' to install node packages,
+// using `npm ci` instead of `npm install` to ensure the reproducible builds.
+// See https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable
 func (resolver *NpmResolver) InstallPkgs() {
-	cmd := exec.Command("npm", "install")
+	cmd := exec.Command("npm", "ci")
 	logger.Log.Println(fmt.Sprintf("Run command: %v, please wait", cmd.String()))
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
commit	7a3e90b7e26eb54a614a4d2b16d099c46b7ddaaf	[log] [tgz]
author	kezhenxu94 <kezhenxu94@apache.org>	Tue Sep 06 11:01:32 2022 +0800
committer	GitHub <noreply@github.com>	Tue Sep 06 11:01:32 2022 +0800
tree	2d5dfe14b9634c1a52c87a2e80d3688fd63072ee
parent	7fca702e2eac3a619c0a7a412c2023bb451ee1ef [diff]