Conversation
2 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens Node.js and npm version enforcement for the desktop UI to reduce package-lock.json drift between contributors. The changes add an npm engine constraint and enable strict engine checking in the desktop app’s npm configuration.
Changes:
- Declare
npm: "^11.3.0"alongside the existingnode: "^24.0.0"inui/desktop/package.json. - Mirror the engine constraints in the root package entry of
ui/desktop/package-lock.json. - Enable
engine-strict=trueinui/desktop/.npmrcsonpmenforces the declaredenginesat install time.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| ui/desktop/package.json | Adds an npm engine constraint to keep contributors on a minimum npm version aligned with the Node 24 requirement. |
| ui/desktop/package-lock.json | Updates the lockfile’s root package metadata to include the new npm engine constraint, keeping it consistent with package.json. |
| ui/desktop/.npmrc | Enables strict engine enforcement so installs fail when Node/npm don’t meet the declared minimum versions. |
Files not reviewed (1)
- ui/desktop/package-lock.json: Language not supported
ui/desktop/.npmrc
Outdated
| @@ -1 +1,2 @@ | |||
| registry=https://registry.npmjs.org/ | |||
| engine-strict=true No newline at end of file | |||
There was a problem hiding this comment.
With engine-strict=true and "node": "^24.0.0" in ui/desktop/package.json, any npm install in this package (including the Bundle Desktop (Windows) workflow which currently uses Node 22 via actions/setup-node) will now fail the engine check; please either align the CI/workflow Node version with ^24.0.0 or relax/remove engine-strict so existing release workflows continue to run.
Collaborator
Author
There was a problem hiding this comment.
yes, what copilot said is valid. Now I decided to remove it and not to enforce the check. I've also update the doc so that it is clear for users about the prerequisite of hermit activation
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
Files not reviewed (1)
- ui/desktop/package-lock.json: Language not supported
Comments suppressed due to low confidence (1)
.github/workflows/bundle-desktop-windows.yml:71
- You've updated the Node version used by this workflow to 24, but the npm cache key and restore-keys still embed the old "node22" label, which can be misleading when debugging or rotating caches; consider updating the cache key prefix to match the current Node major version.
node-version: 24
- name: Cache node_modules
uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # pin@v3
with:
path: |
node_modules
ui/desktop/node_modules
.hermit/node/cache
key: windows-npm-cache-v1-${{ runner.os }}-node22-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
windows-npm-cache-v1-${{ runner.os }}-node22-
ui/desktop/package.json
Outdated
Comment on lines
6
to
8
| "engines": { | ||
| "node": "^24.0.0" | ||
| "node": ">=24.10.0", | ||
| "npm": ">=11.6.1" |
There was a problem hiding this comment.
The npm and node engine constraints here don't match the values described in the PR summary (which mentions npm "^11.3.0" and node "^24.0.0"), so it's unclear which versions are intended to be the minimum enforced ones; please either align these "engines" values with the description or update the PR description to reflect the chosen constraints.
lifeizhou-ap
changed the title
zanesq
added a commit
that referenced
this pull request
Jan 29, 2026
* 'main' of github.com:block/goose: (62 commits) Swap canonical model from openrouter to models.dev (#6625) Hook thinking status (#6815) Fetch new skills hourly (#6814) copilot instructions: Update "No prerelease docs" instruction (#6795) refactor: centralize audience filtering before providers receive messages (#6728) update doc to remind contributors to activate hermit and document minimal npm and node version (#6727) nit: don't spit out compaction when in term mode as it fills up the screen (#6799) fix: correct tool support detection in Tetrate provider model fetching (#6808) Session manager fixes (#6809) fix(desktop): handle quoted paths with spaces in extension commands (#6430) fix: we can default gooseignore without writing it out (#6802) fix broken link (#6810) docs: add Beads MCP extension tutorial (#6792) feat(goose): add support for AWS_BEARER_TOKEN_BEDROCK environment variable (#6739) [docs] Add OSS Skills Marketplace (#6752) feat: make skills available in codemode (#6763) Fix: Recipe Extensions Not Loading in Desktop (#6777) Different approach to determining final confidence level of prompt injection evaluation outcomes (#6729) fix: read_resource_tool deadlock causing test_compaction to hang (#6737) Upgrade error handling (#6747) ...
zanesq
added a commit
that referenced
this pull request
Jan 29, 2026
…sion-session * 'main' of github.com:block/goose: (78 commits) copilot instructions: Update "No prerelease docs" instruction (#6795) refactor: centralize audience filtering before providers receive messages (#6728) update doc to remind contributors to activate hermit and document minimal npm and node version (#6727) nit: don't spit out compaction when in term mode as it fills up the screen (#6799) fix: correct tool support detection in Tetrate provider model fetching (#6808) Session manager fixes (#6809) fix(desktop): handle quoted paths with spaces in extension commands (#6430) fix: we can default gooseignore without writing it out (#6802) fix broken link (#6810) docs: add Beads MCP extension tutorial (#6792) feat(goose): add support for AWS_BEARER_TOKEN_BEDROCK environment variable (#6739) [docs] Add OSS Skills Marketplace (#6752) feat: make skills available in codemode (#6763) Fix: Recipe Extensions Not Loading in Desktop (#6777) Different approach to determining final confidence level of prompt injection evaluation outcomes (#6729) fix: read_resource_tool deadlock causing test_compaction to hang (#6737) Upgrade error handling (#6747) Fix/filter audience 6703 local (#6773) chore: re-sync package-lock.json (#6783) upgrade electron to 39.3.0 (#6779) ...
lifeizhou-ap
added a commit
that referenced
this pull request
Jan 29, 2026
* main: docs: usage data collection (#6822) feat: platform extension migrator + code mode rename (#6611) feat: CLI flag to skip loading profile extensions (#6780) Swap canonical model from openrouter to models.dev (#6625) Hook thinking status (#6815) Fetch new skills hourly (#6814) copilot instructions: Update "No prerelease docs" instruction (#6795) refactor: centralize audience filtering before providers receive messages (#6728) update doc to remind contributors to activate hermit and document minimal npm and node version (#6727) nit: don't spit out compaction when in term mode as it fills up the screen (#6799) fix: correct tool support detection in Tetrate provider model fetching (#6808) Session manager fixes (#6809) fix(desktop): handle quoted paths with spaces in extension commands (#6430) fix: we can default gooseignore without writing it out (#6802) fix broken link (#6810) docs: add Beads MCP extension tutorial (#6792) feat(goose): add support for AWS_BEARER_TOKEN_BEDROCK environment variable (#6739)
Tyler-Hardin
pushed a commit
to Tyler-Hardin/goose
that referenced
this pull request
Feb 11, 2026
…imal npm and node version (block#6727)
Tyler-Hardin
pushed a commit
to Tyler-Hardin/goose
that referenced
this pull request
Feb 11, 2026
…imal npm and node version (block#6727)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
Contributor used different npm versions (V11.3.0) and generated package-lock.json differently (e.g., peer: true fields), causing lockfile drift across contributors.
What
npm installType of Change
AI Assistance
Testing
CI