Incorrect lockfile is created

[zkochan]

pnpm version:

5.8.0

Code to reproduce the issue:

pnpm init -y
pnpm add canvas@2.6.0 jest@26.5.0
rm -rf node_modules pnpm-lock.yaml

Manually change the version of jest to 26.4.0 in package.json.

Run pnpm install

Expected behavior:

At the top of the lockfile, these 3 lines are present:

dependencies:
  canvas: 2.6.0
  jest: 26.4.0_canvas@2.6.0

Actual behavior:

This is in the lockfile:

dependencies:
  canvas: 2.6.0
  jest: 26.4.0

Additional information:

• node -v prints:
• Windows, OS X, or Linux?:

[delanni]

I tried out the new version, as suggested, unfortunately, the issue doesn't seem to be solved.
On this repo (https://github.com/prezi/pnpm-monorepo-test) try the following reproduction steps:

npm run init # == pnpm i --ignore-scripts
npm run lockfile # == pnpm i --ignore-scripts --lockfile-only

If you keep repeating npm run lockfile the lockfile keeps switching between two states, you can verify with git diff.

Maybe we're doing something wrong. What was the intended purpose for the --lockfile-only switch?

[zkochan]

In what cases do you use --lockfile-only? You don't need this option mostly. When this option is used, only the lockfile is updated, nothing gets actually updated inside node_modules.

[delanni]

That was exactly our intent.

In our case, where multiple developers are working on a single monorepo, where there's a single pnpm-lock.yaml, there are often conflicts, and we need to resolve conflicts by somehow re-generating the lockfile.

We didn't want to remove the pnpm-lock.yaml because that re-resolves all dependencies, and the version ranges update, triggering even more changes, that seem unrelated to the real changeset.

So, ultimately what we wanted is to have a way to re-generate the shared lockfile after conflicts.

[zkochan]

The issue is with optional peer dependencies. I will work on a fix.

[zkochan]

🚢 5.9.2