Generating a complete lock-file without installing

[the-spyke]

Do you want to request a feature or report a bug?

Feature

What is the current behavior?

yarn generate-lock-entry emits a file with only root dependencies.

If the current behavior is a bug, please provide the steps to reproduce.

What is the expected behavior?

To have a command/option for emitting a complete lock-file like with yarn install.

Please mention your node.js, yarn and operating system version.

Yarn: 1.6.0

[the-spyke]

npm has npm install --package-lock-only command for this.

[BYK]

I like the idea. Shouldn't be too hard to implement.

[deifactor]

I found myself needing this today as well. Would this be a difficult thing to implement?

[pauldraper]

Wow, a feature that npm has that yarn doesn't. Must be a first :)

[runfaj]

A few other sites ask why this is necessary. In my case, I need to generate the lockfile because one of the dependencies of some package is failing to build, so I can't install. However I can't trace it down without having a lockfile to show what those dependencies are.

[sesam]

This would be awesome for when you keep your yarn.lock tracked in git, but build your app inside Docker. Without this feature, you always have a useless node_modules folder.

Following https://stackoverflow.com/questions/44438303/is-it-possibile-to-generate-a-yarn-lock-file-without-installing-the-packages you could perhaps work around this with:

npm install --package-lock-only; yarn import; rm package-lock.json

[ratoi-crysty]

@sesam wouldn't this have the issues of creating a different lockfile compared to generating it through yarn install?
From what I know, yarn and npm handles the dependencies tree a bit different (granted that the differences are really small).
I've seen cases where yarn installs different versions of dependencies compared to npm, therefore creating a different yarn.lock each time you generate it through install vs import from package-lock.json.
Having this in mind, I still think that this feature is required in yarn, as there is no true alternative to it, besides installing all the dependencies and the delete the node_modules folder.

[chris-convoy]

This feature is extremely relevant for DevOps teams looking to bump package versions across multiple repos in our codebase. We are running yarn upgrade for hundreds of repos within Docker containers, and the installation of dependencies is causing each repo to take 10s of minutes. We only want to bump the package.json and yarn.lock in the migration, and rely on our CICD pipeline to handle the actual installation and testing of the changes.

Setting up a shared package cache via a Docker Volume helps, but it still takes a substantial amount of time and bandwidth downloading packages that are ultimately unused.

[dolsem]

My use case is splitting local changes I made to package.json into multiple separate git commits, which happens reasonably often. Right now the only way to commit the lockfile that corresponds to package.json in each commit is to reinstall all packages multiple times, which feels completely unnecessary.

[MrChocolatine]

Any updates for this please?

[arcanis]

Closing as wontfix. While we don't plan to implement this in the core (it's a fringe feature that I'm not sure would be used enough to be worth the maintenance cost for our team), it's trivial to implement as a Yarn 2 plugin.

I believe using our API this way is the best option since it will allow you to implement your whole upgrade process, based on the exact logic you want, without having to spawn multiple processes (which would quickly become the bottleneck).

[pauldraper]

This feature is extremely relevant for DevOps teams looking to bump package versions across multiple repos in our codebase.

Now your DevOps team gets to learn how to develop Yarn plugins in Node.js.

[merceyz]

Support for generating/updating a lockfile without creating node_modules was added in yarnpkg/berry#2913 / 3.0.0-rc.10

yarn install --mode update-lockfile