Use same sorting logic for sorting dependencies as npm v7

[G-Rath]

NPM v7 changed the way dependencies are sorted very slightly which means this:

{
  "name": "spj-te",
  "dependencies": {
    "sort-package-json": "^1.52.0"
  },
  "devDependencies": {
    "@types/koa-bodyparser": "^4.3.3",
    "@types/koa__router": "^8.0.8"
  }
}

becomes this:

{
  "name": "spj-te",
  "dependencies": {
    "sort-package-json": "^1.52.0"
  },
  "devDependencies": {
    "@types/koa__router": "^8.0.8",
    "@types/koa-bodyparser": "^4.3.3"
  }
}

The specific change they made was to use localeCompare, which technically the better way for sorting strings than just calling sort but means npm v7 & above sort differently compared to both sort-package-json and the other two main package managers.

I opened an issue for discussion about this but it was closed with a comment about the change being intentional: npm/cli#3935

I was thinking that sort-package-json could attempt to figure out if it should use localeCompare by trying to read package-lock.json and checking if the lockfileVersion is greater than 1, otherwise falling back to its current behaviour if its 1 or the lock cannot be read.

I'm happy to implement this change.

[keithamus]

I'd be quite happy to just unilaterally change to using localeCompare, if that seems like a good change to you?

[G-Rath]

@keithamus yup I think in the long-run it makes sense, so if you're happy to start using it now I'll make a PR.

[G-Rath]

hmm I've applied this but the output is still not what npm v7 is giving, so will need to look into this further.

[Nokel81]

Any update on this? Would be nice to have the dependencies sorted the same order as npm has them

[G-Rath]

@Nokel81 I've been really on the fence about this because NPM v7+ actually sorts slightly different to all other package managers and they're not going to change that because apparently it'll create too much churn for NPM v7+ users...

In my experience I've only ever had this once on a project, with the dependencies mentioned above since it only impacts the sort order of - vs _, which is very rare to have packages matching except for those characters.

[Nokel81]

I noticed it specifically because of the dash and underscore. Due to ansi_up and ansi-exp.

I definitely think that fit projects using npm should be able to specify this sort order

[keithamus]

We could also detect what npm version is being used and do the right thing.

I'm happy to look over any PR that anyone wants to write on this 😉

[G-Rath]

Actually with packageManager being in package.json, that should be very easy to do 🤔

[Nokel81]

Or even with .engines.npm being set

[Nokel81]

Okay I can try

[rgant]

Mark this to look into working on later as it annoys me so much that eslint_d gets moved around by sort-package-json and npm install.

[G-Rath]

Yeah I've actually had this tab open for a few months to get done when I have some bandwidth, as we've recently started switching everything over to using npm at work 😅

fwiw at this point I think it should be lockfile based i.e. applying the different sort only if package-lock.json is present.