Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does lerna support npm 8? (esp. the overrides feature) #3102

Closed
gjgarryuan opened this issue Apr 3, 2022 · 5 comments
Closed

Does lerna support npm 8? (esp. the overrides feature) #3102

gjgarryuan opened this issue Apr 3, 2022 · 5 comments
Labels
scope: package management Issues with the bootstrap/add/link commands that relate to package management

Comments

@gjgarryuan
Copy link

I need to use npm 8 for its "overrides" feature (reference: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides) so that I can override a transitive dependency for one of the packages in the monorepo.

In the meanwhile, the monorepo is bootstrapped with:

  • hoist
  • force-local

I thought Lerna must have been delegating the install to npm so the overrides should just work, but that's not the case.

In the package.json of the package, I am trying to override the following:

{
  ...,
  "overrides": {
    "eslint-plugin-json-files": {
      "sort-package-json": {
        "globby": "11.0.0"
      }
    }
  }
}

Expected Behavior

The package-lock.json in the root of the monorepo should have:

{
  "packages": {
    ...,
    "node_modules/sort-package-json": {
      "version": "1.55.0",
      "integrity": "sha512-xhKvRD8WGbALjXQkVuk4/93Z/2NIO+5IzKamdMjN5kn3L+N+M9YWQssmM6GXlQr9v1F7PGWsOJEo1gvXOhM7Mg==",
      "license": "MIT",
      "dependencies": {
        "detect-indent": "^6.0.0",
        "detect-newline": "3.1.0",
        "git-hooks-list": "1.0.3",
        "globby": "10.0.0",
        "is-plain-obj": "2.1.0",
        "sort-object-keys": "^1.1.3"
      },
      "bin": {
        "sort-package-json": "cli.js"
      }
    },
    "node_modules/sort-package-json/node_modules/globby": {
      "version": "11.0.0",
      "integrity": "sha512-iuehFnR3xu5wBBtm4xi0dMe92Ob87ufyu/dHwpDYfbcpYpIbrO5OnS8M1vWvrBhSGEJ3/Ecj7gnX76P8YxpPEg==",
      "license": "MIT",
      "dependencies": {
        "array-union": "^2.1.0",
        "dir-glob": "^3.0.1",
        "fast-glob": "^3.1.1",
        "ignore": "^5.1.4",
        "merge2": "^1.3.0",
        "slash": "^3.0.0"
      },
      "engines": {
        "node": ">=10"
      },
      "funding": {
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    ...
  }
}

Note the "declared" version of "globby": "10.0.0" vs the overridden version "version": "11.0.0" above in two json objects.

Current Behavior

The package-lock.json in the root of monorepo now has:

{
  "packages": {
    ...,
    "node_modules/sort-package-json": {
      "version": "1.55.0",
      "integrity": "sha512-xhKvRD8WGbALjXQkVuk4/93Z/2NIO+5IzKamdMjN5kn3L+N+M9YWQssmM6GXlQr9v1F7PGWsOJEo1gvXOhM7Mg==",
      "license": "MIT",
      "dependencies": {
        "detect-indent": "^6.0.0",
        "detect-newline": "3.1.0",
        "git-hooks-list": "1.0.3",
        "globby": "10.0.0",
        "is-plain-obj": "2.1.0",
        "sort-object-keys": "^1.1.3"
      },
      "bin": {
        "sort-package-json": "cli.js"
      }
    },
    "node_modules/sort-package-json/node_modules/globby": {
      "version": "10.0.0",
      "integrity": "sha512-3LifW9M4joGZasyYPz2A1U74zbC/45fvpXUvO/9KbSa+VV0aGZarWkfdgKyR9sExNP0t0x0ss/UMJpNpcaTspw==",
      "license": "MIT",
      "dependencies": {
        "@types/glob": "^7.1.1",
        "array-union": "^2.1.0",
        "dir-glob": "^3.0.1",
        "fast-glob": "^3.0.3",
        "glob": "^7.1.3",
        "ignore": "^5.1.1",
        "merge2": "^1.2.3",
        "slash": "^3.0.0"
      },
      "engines": {
        "node": ">=8"
      }
    },
    ...
  }
}

Note that the declared version and the actual installed version are the same, meaning overrides not taking effect.

Possible Solution

N/A

Steps to Reproduce (for bugs)

  1. override in package.json in a package
  2. npm install
  3. lerna bootstrap --hoist --force-local
lerna.json

<!-- Please paste your `lerna.json` here -->

lerna-debug.log

<!-- If you have a `lerna-debug.log` available, please paste it here -->
<!-- Otherwise, feel free to delete this <details> block -->

Context

Your Environment

Executable Version
lerna --version 4.0.0
npm --version 8.5.0
yarn --version VERSION
node --version 16.14.2

| OS | Version |
| macOS Catalina | 10.15.7 |
| NAME | VERSION |
@gjgarryuan gjgarryuan mentioned this issue Apr 3, 2022
Closed
@ghiscoding
Copy link

Considering that it doesn't work correctly with NPM@7, see #2832, then the answer is most certainly No. Also consider that Lerna is out of maintenance for a long period already see #3092

@gjgarryuan
Copy link
Author

Sad to hear that and fortunately enough the project I am working on is still in the early stage where Lerna can be switched out.

@ghiscoding
Copy link

you can take a look at the Lerna-Lite fork I created which is lighter version of Lerna with less commands, it's the same code as Lerna but I did push some fixes for NPM package-lock.json file update for NPM 7+ (which doesn't exist in here). The project was created as an NPM Workspace and it does update the lock file correctly in the project root after each publish, but I don't think Lerna ever dealt with things like overrides but you're welcome to contribute

@ghiscoding
Copy link

@garrychnca hey so I am recently in the process of migrating a monorepo from yarn workspaces to pnpm workspaces and had to use the override that is nearly identical to npm and it wasn't working when I tried to set into the package.json of that package but it started to work after I tried the same override in the root package.json of the monorepo. If you're using npm 8 then you don't really need to use lerna bootstrap anymore, just use npm 8 workspaces and the override will work as expected (at least in the root it worked for me). I'm using Lerna-Lite and there's no lerna bootstrap command (no longer necessary with newer package managers) and override is working fine from what I can see, I also assume that Lerna would work just the same if you use the package manager workspaces instead of lerna bootstrap.

@JamesHenry JamesHenry added the scope: package management Issues with the bootstrap/add/link commands that relate to package management label Jun 14, 2022
@JamesHenry
Copy link
Member

Hi Folks 👋

Please take a look at our published roadmap for Lerna v7 here: #3410

One of the key items covered at length on there (please do read it for full context) is that now that we find ourselves in late 2022, it no longer makes sense for lerna to supplement package management concerns (such as installation, boostrapping, linking etc) which are covered reliably for monorepo workspaces by the three main package managers: npm, yarn and pnpm. lerna bootstrap et al were developed in a completely different era of the JavaScript ecosystem.

If you have any specific concerns please do join in on that discussion, and provide as much context as possible.

Many thanks 🙏

@JamesHenry JamesHenry closed this as not planned Won't fix, can't repro, duplicate, stale Nov 29, 2022
@lerna lerna locked and limited conversation to collaborators Nov 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
scope: package management Issues with the bootstrap/add/link commands that relate to package management
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ghiscoding @JamesHenry @gjgarryuan