-
### What is the problem this feature would solve?
NPM has a command, `npm ci`, that installs the exact packages in the lockfile for reproducible builds. Bun's command, `bun install --frozen-lockfil…
-
**Is your feature request related to a problem? Please describe.**
As of now the pip python dependency resolution using `pants generate-lockfiles` can take a very long time. In order to improve the o…
-
I am using a yarn lockfile and keep getting this error: `error: [json.exception.parse_error.101] parse error at line 1, column 1: syntax error while parsing value - invalid literal; last read: '#'`
…
-
`pip` currently uses `requirements.txt` to specify dependencies; it can specify __versions__ of packages but not __hashes__. The [newer pipfile format](https://github.com/pypa/pipfile) can include has…
-
### Summary
Ensure `yarn install` will not update the `yarn.lock` file, and fail if an update is required
### Issue Type
Feature Idea
### Component Name
yarn
### Additional Information
If a `ya…
-
Hello there,
Thanks for this amazing work but I am reporting here a crucial bug: known malicious packages are not detected when scanned.
How to reproduce:
* Add the following [known malicious p…
-
https://github.com/bundler/bundler/blob/d44d803357506895555ff97f73e60d593820a0de/lib/bundler/lockfile_generator.rb#L89 seems to generate lines with 3 spaces.
E.g. The `BUNDLED WITH` section has 3 …
-
In [a recent blog post](https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html), the Cargo Team outlined some reasons why they've changed the default for `cargo new` to not exclude the lockfi…
-
If I run `flutter pub get` right now, it bumps the version of several of our dependencies:
```
$ flutter pub get
Resolving dependencies...
_fe_analyzer_shared 58.0.0 (59.0.0 available)
analy…
```
-
When I tried to deploy on Netlify this is what happened:
```
7:52:49 PM: Installing npm packages using pnpm version 8.3.1
7:52:49 PM: Lockfile is up to date, resolution step is skipped
7:52:49 …
```