Updating package-lock.json to lockfileVersion 2

[NicolasMassart]

When using npm install on node 15, it automatically updates the package lock file.
Should I go back to a lower node version to update so that it doesn't change the lock version or is it ok?
@tcort any opinion on this?

[nschonni]

Dependabot will roll back any upgrade on the next time it runs

[NicolasMassart]

@tcort any thought about this? What prevents us to upgrade the package-lock format to "lockfileVersion": 2?

[nschonni]

Looks like support is there for Dependabot now https://github.blog/changelog/2021-02-08-dependabot-npm-v7-support/
Downside is that means all devs working on the project will need to upgrade to NPM 7, which can cause friction if not all their other projects have upgraded as well

[NicolasMassart]

well Node 7... we are now at 14 as an Active LTS version...
https://nodejs.org/en/about/releases/

[nschonni]

Node 14 is still shipping with NPM 6 https://nodejs.org/en/download/releases/, only Node 15 currently has NPM 7 out of the box. Although I think you might have mixed up Node and NPM in my previous comment

[NicolasMassart]

Yes I totally mixed them... Sorry.
So we keep the v1 package for now. Thanks!