-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hoist may delete certain packages from the packages folder during bootstrap #951
Comments
What does your root |
Hello, |
Hoisting has nothing to do with the location of the managed package. Hoisting just optimizes the installation of external npm dependencies, using the node module resolution algorithm. It's not necessary to create explicit dependencies on monorepo-local packages. |
In my particular case it is necessary. I need to hoist the local package to avoid it getting its own version of certain shared library |
A shared external library with identical version range specifier? I'd just add it to the root package.json as a devDependency and then you'd never have to worry about that (as hoisting will use whatever is already installed in the root if it matches). I want to be extra clear: there is no sense of "hoist" as lerna uses it that has any effect to a local (lerna-managed) package. Those are always symlinked wherever it finds a matching name+version. |
I am currently running into this issue. One of my packages is completely blown away on bootstrap. This had not been an issue until today. The root is not a published package, just the
{
"lerna": "2.0.0-rc.4",
"packages": [
"packages/*"
],
"version": "independent"
} Whatever the issue with the script, deleting packages is...not ideal behavior. |
@tomccabe I can't reproduce it with just that information. Is this a public repo, perhaps? |
It is not, unfortunately.
…On Wed, Aug 2, 2017 at 7:36 PM Daniel Stockman ***@***.***> wrote:
@tomccabe <https://github.com/tomccabe> I can't reproduce it with just
that information. Is this a public repo, perhaps?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#951 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACEIT9IDe-t8bBsV8PMUQRzXmcYHaBFIks5sUQfvgaJpZM4OquLW>
.
|
Hi @evocateur -- debugged the issue tonight and I hadn't updated semvers in packages that were consuming the package getting deleted on bootstrap. We stopped using the |
Hello there, I managed to fully reproduce the error, here is the repo with minimal config: https://github.com/fyodorvi/lerna-hoist-bug We have two packages in that repo: lerna-hoist-test-wheel and lerna-hoist-test-tyre. Wheel depends on tyre. Note that wheel version 0.1.0 is published to npm - that is very important. Initially all versions match: wheel and tyre have 0.1.0 version, wheel depends on tyre as ^0.1.0. Steps to reproduce:
Result: packages/lerna-hoist-test-tyre is deleted. |
Thanks!
… On Aug 15, 2017, at 21:06, Fyodor Yakimchouk ***@***.***> wrote:
Hello there, I managed to fully reproduce the error, here is the repo with minimal config:
https://github.com/fyodorvi/lerna-hoist-bug
We have two packages in that repo: lerna-hoist-test-wheel and lerna-hoist-test-tyre. Wheel depends on tyre.
Note that wheel version 0.1.0 is published to npm - that is very important.
Initially all versions match: wheel and tyre have 0.1.0 version, wheel depends on tyre as ^0.1.0.
Steps to reproduce:
Checkout the repo, run npm install
Run npm run lerna - it will run bootstrap with hoisting. Everything should be fine at that point.
Go into lerna-hoist-test-tyre and manually bump the version in package json to 0.2.0
Run npm run lerna
Result:
packages/lerna-hoist-test-tyre is deleted.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Any update on this? For the workflow where a lot of different devs work on a lot of different packages we see this quite a bit as the lerna version is bumped in master and devs merge master into their feature branches. If the dev is working on a new package that didn't exist on master and forgets to update the version number in their package.json to match the incoming bump, lerna will delete their package and any of their local dependencies (if they were not updated too). Any way to prevent destructive behaviour in the mean time? |
+1 for updates - we've also run into this and lost some work during development. |
|
So you should merge it into develop and create a release branch for the version bump ? |
Merge into master, then publish. Exactly the same as a “normal” npm package.
… On Nov 16, 2017, at 00:41, Daniel Rodríguez Rivero ***@***.***> wrote:
If you're working in a feature branch, you shouldn't be modifying the version property of any package.json (this is identical to "normal" npm package development patterns).
So you should merge it into develop and create a release branch for the version bump ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Just run into that. My new package vanished into oblivion 😢 super complicated code not yet commited. If that can help:
|
definitely YES 😿 [edit] managed to recover most of the code 🤕 |
I'm having issues where lerna bootstrap --hoist="{mocha,webpack,webpack-dev-server,node-sass}" and it would just remove the |
Is there any particular reason you’re using a hoist whitelist instead of just hoisting everything?
The mangling of root dependencies that occurs during a hoisted bootstrap is most likely the culprit (because the existing root dependency is no longer present, npm5 considers that a change it needs to sync to the lock file, thus the removal).
… On Feb 14, 2018, at 08:12, Robin Franken ***@***.***> wrote:
I'm having issues where --hoist is removing several of the dependencies that were already installed. I was running this:
lerna bootstrap --hoist="{mocha,webpack,webpack-dev-server,node-sass}"
and it would just remove the webpack-node-externals module that was installed in the root package..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
I had problems before with hoisting all of the dependencies. Regardless, this means that any dependencies at the root level are removed? What about dependencies that are used for scripts at the root level. Seems a bit strange to me to be doing this..
Op 14 feb. 2018 6:08 p.m. schreef Daniel Stockman <notifications@github.com>:
Is there any particular reason you’re using a hoist whitelist instead of just hoisting everything?
The mangling of root dependencies that occurs during a hoisted bootstrap is most likely the culprit (because the existing root dependency is no longer present, npm5 considers that a change it needs to sync to the lock file, thus the removal).
On Feb 14, 2018, at 08:12, Robin Franken ***@***.***> wrote:
I'm having issues where --hoist is removing several of the dependencies that were already installed. I was running this:
lerna bootstrap --hoist="{mocha,webpack,webpack-dev-server,node-sass}"
and it would just remove the webpack-node-externals module that was installed in the root package..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#951 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD90FKQDEUjc_5xcxWpStpiWZSCkPRMqks5tUxMMgaJpZM4OquLW>.
|
This is not lerna’s behavior, it is a side effect of npm5.
… On Feb 14, 2018, at 09:21, Robin Franken ***@***.***> wrote:
I had problems before with hoisting all of the dependencies. Regardless, this means that any dependencies at the root level are removed? What about dependencies that are used for scripts at the root level. Seems a bit strange to me to be doing this..
Op 14 feb. 2018 6:08 p.m. schreef Daniel Stockman ***@***.***>:
Is there any particular reason you’re using a hoist whitelist instead of just hoisting everything?
The mangling of root dependencies that occurs during a hoisted bootstrap is most likely the culprit (because the existing root dependency is no longer present, npm5 considers that a change it needs to sync to the lock file, thus the removal).
> On Feb 14, 2018, at 08:12, Robin Franken ***@***.***> wrote:
>
> I'm having issues where --hoist is removing several of the dependencies that were already installed. I was running this:
>
> lerna bootstrap --hoist="{mocha,webpack,webpack-dev-server,node-sass}"
> and it would just remove the webpack-node-externals module that was installed in the root package..
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub, or mute the thread.
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#951 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD90FKQDEUjc_5xcxWpStpiWZSCkPRMqks5tUxMMgaJpZM4OquLW>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Yes I understand that. But it's not really a detail but rather a huge problem for most likely a lot of people. Wouldn't it be easy to solve this problem by simply temporarily adding the hoisted dependencies to the **existing** package.json or to install each package by just using `npm install` directly?
Op 14 feb. 2018 11:05 p.m. schreef Daniel Stockman <notifications@github.com>:
This is not lerna’s behavior, it is a side effect of npm5.
On Feb 14, 2018, at 09:21, Robin Franken ***@***.***> wrote:
I had problems before with hoisting all of the dependencies. Regardless, this means that any dependencies at the root level are removed? What about dependencies that are used for scripts at the root level. Seems a bit strange to me to be doing this..
Op 14 feb. 2018 6:08 p.m. schreef Daniel Stockman ***@***.***>:
Is there any particular reason you’re using a hoist whitelist instead of just hoisting everything?
The mangling of root dependencies that occurs during a hoisted bootstrap is most likely the culprit (because the existing root dependency is no longer present, npm5 considers that a change it needs to sync to the lock file, thus the removal).
> On Feb 14, 2018, at 08:12, Robin Franken ***@***.***> wrote:
>
> I'm having issues where --hoist is removing several of the dependencies that were already installed. I was running this:
>
> lerna bootstrap --hoist="{mocha,webpack,webpack-dev-server,node-sass}"
> and it would just remove the webpack-node-externals module that was installed in the root package..
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub, or mute the thread.
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#951 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD90FKQDEUjc_5xcxWpStpiWZSCkPRMqks5tUxMMgaJpZM4OquLW>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#951 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD90FPNrF4MGeMU4Oyo8NLSubPhQGDo2ks5tU1i1gaJpZM4OquLW>.
|
Or just use local file: specifiers with npm5 and completely skip lerna bootstrap. v3.0.0-alpha.0 released today supports this, and it works marvelously.
|
I'm not really happy about having to use experimental (alpha) versions of software honestly. I think I will just disable the package lock in the root package for now.
Op 15 feb. 2018 7:26 a.m. schreef Daniel Stockman <notifications@github.com>:
Or just use local file: specifiers with npm5 and completely skip lerna bootstrap. v3.0.0-alpha.0 released today supports this, and it works marvelously.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#951 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AD90FDWsvEPrJmw3iQu06MIrhNHd82yWks5tU83_gaJpZM4OquLW>.
|
Actually, I tried disabling the package-lock.json, it made absolutely no difference. So that's not the problem.. |
Here some info regarding the cause of this issue: The actual problem here is not directly related to Lerna. It is related to the Lerna usage of the Solution would be to use Now that the cause is clear, we have to think of a solution for Lerna. However I first would like to know what @evocateur thinks about this. I see that @evocateur already mentioned something similar to this a few posts up. So yeah now we only need someone who will add a PR for the fix. Maybe I will cook something, but am a bit busy lately :). |
Great investigation, thanks!
I’ve never been a huge fan of the post-hoc “prune” phase after the initial hoist calculations/install into root. It’s only use-case is to afford the transition from nested bootstrap to hoisted bootstrap. After the first hoist, it’s just dead time (that always seems to last much longer than you’d expect).
If hoist is enabled, I would be fine with _always_ running a prerequisite `git clean -fdx packages/*/node_modules` (which doesn’t follow symlinks) instead of a fiddly/slow/error-prone post-hoc rimraf. Yes, this would whack any nohoist or root-conflicting leaf install, but it’s an edge case, and infrequent.
… On Apr 26, 2018, at 03:44, Erwin Verdonk ***@***.***> wrote:
Here some info regarding the cause of this issue:
The actual problem here is not directly related to Lerna. It is related to the Lerna usage of the rimraf module. This module uses lstat and thus treats symbolic links, like the ones Lerna creates to link packages, as directories. The result is that when Lerna wants to remove a symbolic link dependency from node_modules, it will actually remove the directory it is linked to, which is undesired.
Solution would be to use stat instead of lstat, which does not follow symbolic links for information, but that is something either has to be added as an option to rimraf or use something else other than rimraf for the removal of dependencies in the node_modules folder.
Now the cause is clear we have to think of a solution for Lerna. However I first would like to know what @evocateur thinks about this.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Could you expand on that? I'm a happy user of nohoist |
The only change in the context of |
Ok, seems it is not a problem for me since I configure both hoist and nohoist in lerna.json |
This happened to me today again. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I ran into this problem today. None of the packages are published. I added hoist yesterday and keep all versions are same. Then I added a new devDep today in one of the packages, it crashed with a lot of deletion. lerna version is 3.13.1 |
I think I am seeing the same thing. Steps to reproduce:Clone https://github.com/feathersjs/feathers, install dependencies, try to add a dependency to any repository.
Expected:
Actual:All folders of local dependencies of
It should be a pretty standard Lerna setup (it doesn't look like anything mentioned here applies - or I'm missing it). Not sure where to start debugging. |
+1 from me, lerna seems to randomly delete my own packages using --hoist option |
+1 having commit for a while, so have to rewrite my packages.... |
Ran into this issue just now and it turned out that the issue was sub-package dependency/package-lock collisions. Fixed by running |
oh hey, i think 71174e4 weaponized |
Similar to @daffl - we have a monorepo with 80+ packages. I major bumped one of the packages (let's say Two other packages ( root/packages/A # v2.0
root/packages/B # A@v1.0
root/packages/C # A@v1.0 When I run root/packages/B # A@v1.0
root/packages/C # A@v1.0 And B and C's Has anyone experienced similar behavior to this? Edit: |
TL;DR: Don't use |
Today I ran into one of the worst things a software can do because a bug: fail destructively.
I recently started to use hoist to save lot of startup time and space during development. However I find a situation where hoist behaves destructively, which should never happen in this kind of tool. Luckly git (specifically VSCode git interface) show me a bunch of deleted files in a bright red that took my attention. This may be the result of a mixture of uncommon variables:
Expected Behavior
I expected lerna to warn me some way, instead of deleting my package and fail with a long and unreadable stack trace
Current Behavior
The package is deleted and sometimes bootstrap fails, and other times it succeeds. Very erratic
Steps to Reproduce (for bugs)
hoist: true
to lerna.json or add the option during the bootstrap commandlerna-debug.log
No lerna-debug is generated
Your Environment
lerna --version
npm --version
node --version
The text was updated successfully, but these errors were encountered: