-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarification needed for package lock files #2271
Comments
I'm running into this, too. My current approach, painfully, is to manually Notably, if you have packages which depend on other, unpublished packages, this is going to be … extremely not-fun:
yikes! |
We have exactly the same issue as @simllll It seems reasonable that there should be a workflow where you have complete control over which dependencies are used through lock files, and you're not exposed to new packages breaking deploys. Maybe we're missing something? |
This allows us to remove package-lock.json in subpackages. See the following: * https://github.com/lerna/lerna/tree/main/commands/bootstrap * lerna/lerna#2271 Since we have npm-check-updates, we do not need to run npm outdated. npm outdated does not work without node_modules in each subpackage. The hoist option does not allow this.
I was very wondered when I redo a My root How to solve this issue in a correct way? |
This allows us to remove package-lock.json in subpackages. See the following: * https://github.com/lerna/lerna/tree/main/commands/bootstrap * lerna/lerna#2271 Since we have npm-check-updates, we do not need to run npm outdated. npm outdated does not work without node_modules in each subpackage. The hoist option does not allow this.
Hi all, it is no longer recommended to use Older versions of Lerna that don't support workspaces are no longer supported, and alternatives to workspaces are outlined in that doc. |
There are a lot of open and closed issues around regarding lock files (mainly I was looking for package-lock.json issues with npm).
I'm not quite sure if this is intended, or if it is a bug.. but I do not get any lock file in my sub packages. I'm hoisting all the dependencies though, which would actually make sense to me that it is hard for any kind of lock file to get generated.
So first I would like to clarify if this is the case: does hoisting prevent package lock files to get generated in my sub packages? I only have one in my root folder.
The problem with this is that I just hoist for development purposes, as soon as the CI pipeline kicks in, all the dependenices get build & published, and afterwards a npm install in the "sub directory" is executed... but now this npm install has no package-lock to refer to. This turned out already badly several times, as suddenly a wild new package appears which breaks something in the current build.
Is there any better approach? How do you maintain your lock files for the sub folder guys? Or how could I solve my issue to "reference" the package-lock file from the root folder even though I'm running a npm install in a sub folder?
Expected Behavior
Current Behavior
Steps to Reproduce (for bugs)
lerna.json
Context
Ran into several deployment issues due to the missing package-lock file.
Your Environment
linux / CI build
lerna --version
npm --version
node --version
The text was updated successfully, but these errors were encountered: