Rollback shrinkwrap (#8926)

.github/CODEOWNERS

@@ -4,10 +4,10 @@
 # Require reviews from the release approvers for critical files.
 # These patterns override the rule above.
 /package.json @google-gemini/gemini-cli-askmode-approvers
-/npm-shrinkwrap.json @google-gemini/gemini-cli-askmode-approvers
+/package-lock.json @google-gemini/gemini-cli-askmode-approvers
 /GEMINI.md @google-gemini/gemini-cli-askmode-approvers
 /SECURITY.md @google-gemini/gemini-cli-askmode-approvers
 /LICENSE @google-gemini/gemini-cli-askmode-approvers
 /.github/workflows/ @google-gemini/gemini-cli-askmode-approvers
 /packages/cli/package.json @google-gemini/gemini-cli-askmode-approvers
-/packages/core/package.json @google-gemini/gemini-cli-askmode-approvers
+/packages/core/package.json @google-gemini/gemini-cli-askmode-approvers

.github/actions/publish-release/action.yml

@@ -69,14 +69,8 @@ runs:
         BRANCH_NAME: '${{ steps.release_branch.outputs.BRANCH_NAME }}'
         DRY_RUN: '${{ inputs.dry-run }}'
         RELEASE_TAG: '${{ inputs.release-tag }}'
-      run: |
-        git add package.json packages/*/package.json
-        if [ -f npm-shrinkwrap.json ]; then
-          git add npm-shrinkwrap.json
-        fi
-        if [ -f package-lock.json ]; then
-          git add package-lock.json
-        fi
+      run: |-
+        git add package.json package-lock.json packages/*/package.json
         git commit -m "chore(release): ${RELEASE_TAG}"
         if [[ "${DRY_RUN}" == "false" ]]; then
           echo "Pushing release branch to remote..."

.github/workflows/e2e.yml

@@ -45,7 +45,7 @@ jobs:
         run: 'npm run build'
 
       - name: 'Archive build artifacts'
-        run: 'tar -cvf build-artifacts.tar bundle/ node_modules/ packages/ package.json npm-shrinkwrap.json'
+        run: 'tar -cvf build-artifacts.tar bundle/ node_modules/ packages/ package.json'
 
       - name: 'Upload build artifacts'
         uses: 'actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02'

.github/workflows/release-promote.yml

@@ -303,9 +303,6 @@ jobs:
           DRY_RUN: '${{ github.event.inputs.dry_run }}'
         run: |-
           git add package.json packages/*/package.json
-          if [ -f npm-shrinkwrap.json ]; then
-            git add npm-shrinkwrap.json
-          fi
           if [ -f package-lock.json ]; then
             git add package-lock.json
           fi

.prettierignore

@@ -17,5 +17,4 @@ eslint.config.js
 **/generated
 gha-creds-*.json
 junit.xml
-npm-shrinkwrap.json
 Thumbs.db

package.json

@@ -59,8 +59,7 @@
   "files": [
     "bundle/",
     "README.md",
-    "LICENSE",
-    "npm-shrinkwrap.json"
+    "LICENSE"
   ],
   "devDependencies": {
     "@types/marked": "^5.0.2",

packages/cli/package.json

@@ -22,8 +22,7 @@
     "typecheck": "tsc --noEmit"
   },
   "files": [
-    "dist",
-    "npm-shrinkwrap.json"
+    "dist"
   ],
   "config": {
     "sandboxImageUri": "us-docker.pkg.dev/gemini-code-dev/gemini-cli/sandbox:0.7.0-nightly.20250918.2722473a"

packages/vscode-ide-companion/scripts/generate-notices.js

@@ -94,7 +94,7 @@ function collectDependencies(packageName, packageLock, dependenciesMap) {
   const packageInfo = packageLock.packages[`node_modules/${packageName}`];
   if (!packageInfo) {
     console.warn(
-      `Warning: Could not find package info for ${packageName} in npm-shrinkwrap.json.`,
+      `Warning: Could not find package info for ${packageName} in package-lock.json.`,
     );
     return;
   }
@@ -114,7 +114,7 @@ async function main() {
     const packageJsonContent = await fs.readFile(packageJsonPath, 'utf-8');
     const packageJson = JSON.parse(packageJsonContent);
 
-    const packageLockJsonPath = path.join(projectRoot, 'npm-shrinkwrap.json');
+    const packageLockJsonPath = path.join(projectRoot, 'package-lock.json');
     const packageLockJsonContent = await fs.readFile(
       packageLockJsonPath,
       'utf-8',

scripts/check-lockfile.js

@@ -10,7 +10,7 @@ import { fileURLToPath } from 'node:url';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const root = join(__dirname, '..');
-const lockfilePath = join(root, 'npm-shrinkwrap.json');
+const lockfilePath = join(root, 'package-lock.json');
 
 function readJsonFile(filePath) {
   try {
@@ -64,7 +64,7 @@ for (const [location, details] of Object.entries(packages)) {
 
 if (invalidPackages.length > 0) {
   console.error(
-    '\nError: The following dependencies in npm-shrinkwrap.json are missing the "resolved" or "integrity" field:',
+    '\nError: The following dependencies in package-lock.json are missing the "resolved" or "integrity" field:',
   );
   invalidPackages.forEach((pkg) => console.error(`- ${pkg}`));
   process.exitCode = 1;

scripts/prepare-package.js

@@ -46,7 +46,6 @@ copyFiles('core', {
 copyFiles('cli', {
   'README.md': 'README.md',
   LICENSE: 'LICENSE',
-  'npm-shrinkwrap.json': 'npm-shrinkwrap.json',
 });
 
 console.log('Successfully prepared all packages.');

scripts/version.js

@@ -75,7 +75,7 @@ if (cliPackageJson.config?.sandboxImageUri) {
   writeJson(cliPackageJsonPath, cliPackageJson);
 }
 
-// 6. Run `npm install` to update npm-shrinkwrap.json.
+// 6. Run `npm install` to update package-lock.json.
 run('npm install');
 
 console.log(`Successfully bumped versions to v${newVersion}.`);