Skip to content

No documented way to run without a lockfile #928

Open
@wesleytodd

Description

@wesleytodd

Description:

According to your docs there is no way to disable the lockfile check. They repeatedly say it is recommended to use a lockfile:

https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#working-with-lockfiles
https://github.com/actions/setup-node?tab=readme-ov-file#checking-in-lockfiles

Unless I am missing it in some other docs I don't see it mentioned anywhere. But based on the code, it looks like you can avoid this check by disabling cache. I tested removing the cache key from my config and that did in fact work.

First, I would recommend not being so forceful in your wording on these docs. There are many cases for libraries where a lockfile is not the best approach. Many bugs have been found by users because the library author did not test removing their lockfile before publishing and used outdated transitives when testing. If you like you could link to the documentation written by the Node.js Package Maintenance Working Group which outlines a bit of the tradeoffs.

Short of that, I think an addition should be made to the advanced topics about turning off cache so that you can run without a lockfile.

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature requestNew feature or request to improve the current logic

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions