pnpm import completely ignores package-lock.json files #6233
Comments
Digging further into this, it looks like the issue is that pnpm doesn't support the v3 package-lock formats (which no longer have a "dependencies" section which was essentially duplicate data from the "packages" sections)
This seems like a serious issue. Is there anything I can do to help move it along?
We recently stumbled on this issue and this is also blocking for us. We have older projects that are not converted to PNPM yet and our build server imports their NPM lock file so it can restore with PNPM. What happens now is that on the build server we get random failures because (possibly buggy) newer versions of dependencies might get installed.
pnpm import says it should work with a package-lock.json, however it seems to be completely ignoring it, there's no difference between doing a pnpm import and a pnpm i --lockfile-only.
Example:
package.json
package-lock.json:
I run the command:
pnpm import
Generated pnpm-lock.yaml
As you can see, despite the package-lock stating the version installed should have been 4.14.3, the generated pnpm-lockfile suggests it should resolve to 4.15.0.
I've also tried specifying the package-lock.json file using pnpm import package-lock.json but that had the same effect. It seems as though pnpm just totally ignores any package-lockfile that's already there.
Is there something I'm missing?
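A check a build pipeline could run after converting a lockfile, covering both the version drift reported in the issue and the v3 layout described in the first comment. This is an added example, not code from the issue or from pnpm. It assumes the caller supplies the versions resolved in the converted lockfile as a name-to-versions object; the package names and the `^4.14.0` range are constructed, and only 4.14.3 and 4.15.0 come from the report.

```javascript
// Added example: names and sample data below are constructed for illustration.
const NM = "node_modules/";

// Collect every exact version a package-lock.json pins, per package name.
function pinnedVersions(lock) {
  const pins = new Map();
  const add = (name, version) => {
    if (!version) return;
    if (!pins.has(name)) pins.set(name, new Set());
    pins.get(name).add(version);
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      const at = path.lastIndexOf(NM);
      if (at === -1 || entry.link) continue; // root project, workspace member or symlink
      add(entry.name || path.slice(at + NM.length), entry.version);
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested "dependencies" tree only.
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps)) {
        add(name, entry.version);
        if (entry.dependencies) walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return pins;
}

// resolved: { name: [versions] } taken from the converted lockfile (caller-supplied).
function findDrift(lock, resolved) {
  const pins = pinnedVersions(lock);
  const drift = [];
  for (const [name, versions] of Object.entries(resolved)) {
    const allowed = pins.get(name) || new Set();
    for (const version of versions) {
      if (!allowed.has(version)) drift.push({ name, resolved: version, pinned: [...allowed].sort() });
    }
  }
  return drift;
}

// Constructed v3 lockfile: no top-level "dependencies" section at all.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo", dependencies: { "example-pkg": "^4.14.0" } },
  "node_modules/example-pkg": { version: "4.14.3" },
  "node_modules/@example/scoped/node_modules/example-pkg": { version: "3.0.1" },
} };
console.log(findDrift(sampleV3, { "example-pkg": ["4.15.0"] }));
```

Failing the build when `findDrift` returns a non-empty list turns a silently ignored lockfile into a visible error instead of an unreviewed dependency upgrade.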