NPM package has 01/01/1970 timestamps on uglify-js files (breaking build)

Do you want to request a feature or report a bug?
Bug

What is the current behavior?
The current release of Webpack on NPM includes Uglify-js files with a timestamp of the Unix epoch (1970). This has caused our deployment to break. (Python ZIP does not support timestamps before 1980.)

If the current behavior is a bug, please provide the steps to reproduce.

mkdir webpack-uglify-datestamp-bug
cd webpack-uglify-datestamp-bug
npm init
npm i webpack -S
touch -t 200001010000 /tmp/timestamp
find . ! -newer /tmp/timestamp -printf ‘%%Tc %%p\n’

Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/output.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/scope.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/ast.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/utils.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/transform.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/compress.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/sourcemap.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/mozilla-ast.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/parse.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/lib/propmangle.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/LICENSE
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/README.md
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/node.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/domprops.json
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/exports.js
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/tools/props.html
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/bin/uglifyjs
Thu 01 Jan 1970 01:00:00 BST ./node_modules/uglify-js/bin/extract-props.js

What is the expected behavior?
Correct, recent timestamps

If this is a feature request, what is motivation or use case for changing the behavior?

Please mention other relevant information such as the browser version, Node.js version, webpack version and Operating System.
Ubuntu 16.04 LTS

Author: Fantashit

2 thoughts on “NPM package has 01/01/1970 timestamps on uglify-js files (breaking build)

  1. Package manager like npm and yarn ensure deterministic behavior for your app (using lockfiles).

    It’s common practice to depend on version ranges. This way users can get updates (like bugfixes) of dependencies without waiting for a new webpack version.

Comments are closed.