Comments (11)
pnpm decides to change the lockfile because it detects that the specification from your package.json does not match the specification that the lockfile remembered.
To work around this, you can either:
- Manually edit `importers` or `dependencies` and `devDependencies` in the lockfile.
- Run `pnpm add resolve@^1.20.0` (with a caret).
Regarding the desired behavior, I am not sure if this is a bug. If I relax the version range, I would expect pnpm to update my dependencies to be latest of that range.
from pnpm.
I’ll check the workarounds later, thanks!
re/ this:
> I would expect pnpm to update my dependencies to be latest of that range.
Perhaps we use lockfiles for different purposes? Mine is both a) “no surprises during deploy” and b) “no version bumps ever unless I explicitly ask for them”. I suppose you might just have (a) in mind.
from pnpm.
> Perhaps we use lockfiles for different purposes? Mine is both a) “no surprises during deploy” and b) “no version bumps ever unless I explicitly ask for them”.
I only use lockfile for purpose a as well as reproducibility. If I don't ever change the specification, the dependencies will remain the same. For purpose b, I think relaxing the specification is pretty much "asking for them".
from pnpm.
Actually, this is a bug. It doesn't change with only `resolve`. What changes is the transitive dependency of `eslint-import-resolver-node`.
from pnpm.
I double checked again and noticed that my `pnpm why` gives a different result than yours:
dependencies:
eslint-import-resolver-node 0.3.9
└── resolve 1.22.8
resolve 1.22.8
(both `resolve` are `1.22.8`)
Can you try again with pnpm v1.14.0?
from pnpm.
Hm, I get 1.22.8 for both `resolve`s even with pnpm 8.13.1 now. (And with pnpm 8.14 as well.) Not sure what happened back then — maybe I copied the wrong output somehow? (I remember trying to choose the second dependency to reproduce the issue.)
from pnpm.
If you can reproduce the case where `resolve` versions are inconsistent, then we'd have a bug.
Anyway, do you have any `.npmrc` or configuration then?
from pnpm.
Even without inconsistent resolve versions --
- If we just have `resolve: 1.20.0`, then after updating package.json to say `resolve: ^1.20.0`, `pnpm i` doesn't do anything.
- On the other hand, if we have both `resolve` and `eslint-import-resolver-node`, then after updating package.json to say `resolve: ^1.20.0`, `pnpm i` upgrades resolve.

If this is the intended behavior, then I don't understand the semantics of `pnpm i` with prefer-frozen-lockfile (which is supposed to be on by default).
> Anyway, do you have any .npmrc or configuration then?

No configuration.
from pnpm.
@neongreen Good point, pnpm should either change in both cases or not change in both cases.
@zkochan Which one should be the correct behavior?
from pnpm.
I don't have objections to change pnpm's behaviour in this case. If the existing resolved version satisfies the new range, we can update the range in the lockfile and consider it up-to-date.
from pnpm.
@neongreen I did a bit more digging and found that pnpm only upgrades `resolve` because `eslint-import-resolver-node` requires a newer version of `resolve` (`^1.22.4` is what [email protected] requires), and pnpm seeks to minimize duplication and bundle size. If we remove `eslint-import-resolver-node`, pnpm would not upgrade `resolve`. I think this behavior is what most people desire, and I personally like it too. If you don't want pnpm to optimize the dependency tree, you should keep it explicitly pinned. Do you agree?
from pnpm.
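The three outcomes discussed in this thread (range relaxed with no other dependent, range relaxed while another dependent already locks a newer `resolve`, and an exact pin) can be modelled as below. This is an added example, not pnpm's code: `planLockfileUpdate`, its action names and the rule "only move up to a version already locked elsewhere" are assumptions made for illustration, and the range check handles only exact and caret ranges with major >= 1.

```javascript
// Simplified model of the behaviour described in the thread, NOT pnpm's resolver.
// Supports only exact ("1.20.0") and caret ("^1.20.0") ranges, major >= 1,
// no prerelease tags.
const parse = (v) => v.replace(/^\^/, "").split(".").map(Number);

const cmp = (a, b) => {
  const x = parse(a);
  const y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

function satisfies(version, range) {
  if (!range.startsWith("^")) return cmp(version, range) === 0; // exact pin
  return parse(version)[0] === parse(range)[0] && cmp(version, range) >= 0;
}

// directRange:     new specifier in package.json
// lockedDirect:    version the lockfile currently records for the direct dep
// lockedElsewhere: versions of the same package locked for other dependents
function planLockfileUpdate(directRange, lockedDirect, lockedElsewhere) {
  if (!satisfies(lockedDirect, directRange)) {
    return { action: "re-resolve", version: null };
  }
  // Deduplication: reuse a newer copy that is already in the tree
  // if the relaxed range now allows it (assumption: never move down).
  const shared = lockedElsewhere
    .filter((v) => cmp(v, lockedDirect) > 0 && satisfies(v, directRange))
    .sort(cmp);
  if (shared.length > 0) {
    return { action: "dedupe-upgrade", version: shared[shared.length - 1] };
  }
  // Locked version still satisfies the range: only the specifier text changes.
  return { action: "keep-locked", version: lockedDirect };
}

// Constructed inputs mirroring the versions quoted in the thread.
console.log(planLockfileUpdate("^1.20.0", "1.20.0", []));         // keep-locked
console.log(planLockfileUpdate("^1.20.0", "1.20.0", ["1.22.8"])); // dedupe-upgrade
console.log(planLockfileUpdate("1.20.0", "1.20.0", ["1.22.8"]));  // keep-locked
```

For deploys where no version movement is acceptable, `pnpm install --frozen-lockfile` fails instead of rewriting the lockfile when package.json and the lockfile disagree.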