New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] [Yarn] Should package lockfiles be committed when using yarn? #823
Comments
Have you tried Personally, I do exactly that: Unfortunately, there is currently no automated way to "synchronize" hoisted package versions, so whenever you update a version in the root, you'll have to manually bump the matching package versions under |
Ah, good to know! Y'know we haven't tried We're still pretty early and I was hoping that specific bug should go away once we've started publishing... but now that I think about it, I guess it would crop up every time a new package is created. I guess it's time to dig into the issue a bit more. I'll see what I find and come back w/ a bug report and/or PR. |
@jvivs Have you guys made progress? I am wondering the same. |
FWIW, I always commit my lockfiles. The mild inconvenience of having to have approximately the same yarn version across devs' machines is far outweighed by never having to worry about an entire class of bugs. Said inconvenience really amounts to "oops, my lockfile changed, guess it's time to update yarn again" at worst. |
Ultimately, the choice to version lockfiles is up to the project. Lerna will work either way. |
This thread has been automatically locked because there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Context
Setting up a greenfield project with
yarn
+lerna
for the first time. Seeing high churn inyarn.lock
files across different developers' machines.We're unsure if we should be committing
yarn.lock
files in each of ourpackages/
directories, or ignore them as we wouldn't be shrinkwrapping withnpm
.Your Environment
Multiple developer machines, either OS X 10.11/10.12 or Ubuntu
lerna --version
npm --version
yarn --version
node --version
Looking for guidance/recommendation on committing or ignoring
yarn.lock
files inpackages/
. While yarn's guidance on lockfiles is that they should be committed, I'm wondering if the same advice applies when usinglerna
to manage multiple packages.We're in the early stages of setting up a monorepo with lerna for a universal app and most (if not all) dependencies are listed in both the project root (for the web server) and duplicated in each package's
package.json
.Using npm@3 in a monorepo, I would usually use a shrinkwrap to lock down versions in the app and let packages embrace semver. Unfortunately, I'm not sure if or how the switch to
yarn
changes best practices here.It's early on, so I'm tempted to YOLO and learn from our mistakes, but I'm seeing a bunch of churn in
yarn.lock
files across different developers' machines--along the lines that I would normally expect with a freshly generated shrinkwrap in npm@2 😢.I looked around in issues and docs, but I couldn't find any guidance. Likewise, if there are resources elsewhere that I can use, I'm happy to ask questions elsewhere :)
If anyone's able to share what they consider to be best practices working with
yarn
andlerna
(and why), I'd be both grateful and an imminent docs contributor.Thanks in advance... you're doing some great work here!
The text was updated successfully, but these errors were encountered: