Node.js role: force installation of the latest npm version

[LeBenLeBen]

Developers often complains about weird and/or unexpected changes in their package-lock.json. This is often caused by multiple developers not using the same npm version installed. This PR aims to force the installation of the latest npm version instead of using the one coming by default with the chosen Node version.

• This PR is an Improvement
• Fixes Node: install latest version of npm #243

• Documentation is written
• parameters.yml.dist is updated
• playbook.yml.dist is updated
• Changelog was updated

[sephii]

I'm not sure about this one. In the Python role, I explicitly set the version of pip to install, to ensure that all developers use the same version. Using state=latest means that there's no guarantee that all the boxes will use the same npm versions, potentially leading to weird issues (eg. "works for me, can't reproduce" or issues with the package-lock.json file). Take for example a project that starts in January with 2 devs, and in May a new dev comes in and provisions the box and in the meantime there's a new NPM version released, then he won't have the same NPM version as the 2 other devs.

I think we should either stick to the default npm that comes with node, or explicitly set the version to install (possibly allowing to override it with a setting).

[sephii]

After giving it more thought I think the only way to make the role always install the same npm version would be to specify the version to install, as even using state=present would cause the same problem described above.

@LeBenLeBen what do you think about adding the NPM version as a variable and set a reasonable default in the role?

[LeBenLeBen]

@sephii This wouldn't really solve the initial problem. Afaik npm version is already the same for everyone by default because it installs the one that is coming with the defined Node version. The “problem” is that npm continuously prompt users to update it manually every time a new version is released.

My idea here was to follow the same path and always install the latest version compatible with the Node version installed. Pinning the version would be more a problem than a solution because it could result in incompatibility with the Node version installed.

[sephii]

@LeBenLeBen Your original tension was:

Developers often complains about weird and/or unexpected changes in their package-lock.json. This is often caused by multiple developers not using the same npm version installed.

Unless I'm missing something, always using the latest npm version will make this issue even worse: developers will continue having different npm versions depending on when they provision their boxes, and they will continue having unexpected changes in their package-lock.json file. The only way I can think of that would solve this specific issue would be to pin the npm version.

Now for the problem of npm warning users they're not using the latest version, it's a different problem and I'm not even sure we should do anything about it if it's only cosmetic (I don't even understand why users should be warned when they don't use the latest version).

[LeBenLeBen]

Dropped considering the feedbacks above, I'll come back with a different solution.