-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yarn install ignore the lock file #5270
Comments
I don't see this behavior. Mine stays at 1.6.4.
|
First I see that you are using Yarn 1.4.0. Is that something fixed in the 1.4.x version?
And change the angular cli version to "1.6.4"
At this point it still fine. The version 1.6.4 is in my lock file.
And set angularCli version to "^1.6.4"
This is were I expect that the version in the lock file will be used... But:
yarn.lock file was updated and it now use version 1.6.6!
I really don't see the point of the yarn.lock file if it is never use. The lock file should be updated only when using yarn upgrade (or created if not present of course). And maybe with a special arg with yarn install. i.e. yarn install -updatelockfile If you think I am wrong, please, help me to understand. Give me an example where the lock file is used when we do a yarn install. Because I don't get it. And it seems that I am not alone if I google the problem.... |
I think I followed your steps correctly: Create angular project:
Manually edit package.json and set to 1.6.4:
Yarn install to update the lockfile to 1.6.4
Edit package.json and yarn.lock and set both to
delete node_modules and rerun install
My lockfile is unchanged:
What should happen is that Yarn will read your package.json and get the package name and version: Then it will reformat that to Then it checks the yarn.lock for an entry with that key, which is:
It should then use the specified If the lockfile is changing even when Since I can't seem to reproduce the issue, it's pretty difficult to guess at what the problem might be. If you can grab the source and help debug into it, we would appreciate it! |
Yes I a have a .yarnc file but it is almost empty: To be sure it is not something on my system, I tried on a docker container. I used that image: Installed node.js, npm and yarn 1.3.2 on it.
Now with yarn install --pure-lockfile:
The lock file still show 1.6.4. And this test with a docker container was done on my private connection at home, without any vpn connection. So out of the office. Are you sure it is not your setup that is not right? Do you have an off-line mirror setup or something like that? |
I just publish my docker image if you want to try: |
Docker on both my computers is all messed up unfortunately... Would it be possible to share your |
Here is my package and lock file. Version 1.6.4 in the lock file ands ^1.6.4 defined in the package file. |
Ah, alright, so here is what's going on. Your lockfile isn't in sync with your package.json file. One or the other has been edited. Specifically that version mismatch. It's basically what I explained above about how Yarn check the lockfile...
When the lockfile was created, package.json must have contained the exact version You could manually get it back in sync by changing the package.json back to an exact version, or edit the yarn.lock file and change
to
|
Ok, I understand now how it is working. |
Yeah there was a discussion in #4147 about |
Do you want to request a feature or report a bug?
What is the current behavior?
If I read well those articles:
https://yarnpkg.com/blog/2016/11/24/lockfiles-for-all/
https://yarnpkg.com/lang/en/docs/yarn-lock/
The lock file is supposed to make sure we are all installing the same version and that a new release won't suddenly break a build. Am I right?
Well, I have a Angular 5 project that is using AngularCli to build. In our package.json file, we have:
And in the yarn.lock file:
Everything was working fine, then suddenly one morning, our build server reported that the build has failed! We tried to do the build on our local dev machines and everything was fine. Then I decided to delete the node_modules directory, do a yarn install and try the build.... bang! It breaks.
I then realize that the yarn.lock file has been updated. Looked inside and found that it is now using AngularCli 1.6.5! And that version has a bug that prevent our build to work.
If the current behavior is a bug, please provide the steps to reproduce.
What is the expected behavior?
I expect to have, in the node_modules directory, the AngularCli v.1.6.4 since it is the one in the lock file. But no, the lock file is updated, and the version present is 1.6.5.
I also tried with the options --frozen-lockfile and --pure-lockfile
Please mention your node.js, yarn and operating system version.
Node 6.9.2
Os: MacOs HightSierra
The text was updated successfully, but these errors were encountered: