.pnpmfile change not triger resolution

[tjx666]

pnpm version: 8.6.3

Code to reproduce the issue:

https://stackblitz.com/edit/node-3neeb1?file=.pnpmfile.cjs

1. pnpm install
2. change log statement in .pnpmfile.cjs
3. pnpm install, you will see Lockfile is up to date, resolution step is skipped

Expected behavior:

change .pnpmfile.cjs should always trigger resolution

Actual behavior:

as title

Additional information:

• node -v prints: v16.20.0
• Windows, macOS, or Linux?: https://stackblitz.com/

[zkochan]

How can we know if the file has changed? We could store the hash of the file in the lockfile. However, the hash won't change if the modification will happen not in .pnpmfile.cjs itself, but in modules that it requires.

[tjx666]

at least change .pnpmfile.cjs should trigger resolution

[thynson]

Let me try to understand the point of @tjx666 . The pnpmfile file affects resolution, since it can mutate the dependencies of a package in hooks, so it's reasonable that any modification to it need to trigger an resolution. The best way of it can be store the hash of pnpmfile in the lockfile, and possibly the file path of it, if renaming a pnpmfile, e.g., from pnpmfile.js to pnpmfile.js hit a corner case.

[icy0307]

#4794
this is the same issue.
Every time someone modifies package.json first, the hooks on master branch become useless, until the next time someone installs or removes something in package.json
Can we do some ast parsing recursively and find all related files? Store the hash for pnpmfile and related "required" files.

[thynson]

Let me try to understand the point of @tjx666 . The pnpmfile file affects resolution, since it can mutate the dependencies of a package in hooks, so it's reasonable that any modification to it need to trigger an resolution. The best way of it can be store the hash of pnpmfile in the lockfile, and possibly the file path of it, if renaming a pnpmfile, e.g., from pnpmfile.js to pnpmfile.js hit a corner case.

I realized storing the hash value of pnpmfile.js in the lockfile is a bad idea. Instead, make sure the hooks in the pnpmfile.js are invoked for each dependencies in package.json, before checking a lockfile is up-to-date.

[icy0307]

But doesn't the readPackage hook get called during the resolution step?
@thynson

[thynson]

@icy0307 It seems like not for every dependency, according to #4794 (comment).

[icy0307]

@thynson yes, not invoke for every dependency only if resolution get skipped.
And this because current hooks get called in resolution step. But we need to call every hooks to know if the package lock is up-to-date.
That said, currently, we need hooks which called in resolution step to know if we can skip resolution, which is impossible.
We need to find another way to know if resolution can be skipped if pnpmfile changes. @thynson

[zkochan]

Fixed by #7662