-
## Description
Is it possible to add specification for lockfile v9?
## Related PRs:
- https://github.com/pnpm/pnpm/pull/7666
- https://github.com/pnpm/pnpm/pull/7861
-
## Hello!
- Vote on this issue by adding a đź‘Ť reaction
- If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
## Issue details
…
-
### Contribution
- [X] I'd be willing to implement this feature ([contributing guide](https://github.com/pnpm/pnpm/blob/main/CONTRIBUTING.md))
### Describe the user story
[Red Hat Dependency Analyt…
-
i am not sure if this is the goal of the project as well. but i can't seem to do `cargo vendor-filterer --locked # or --frozen`. this is needed when vendoring for offline environments.
Not sure if…
-
Ghjk lockfiles are expensive to generate as they require resolving information from multiple registries instead of one like most package manager. When a merge conflict occurs in the file, as it does s…
-
### What version of Bun is running?
1.1.6+e58d67b46
### What platform is your computer?
Microsoft Windows NT 10.0.22631.0 x64
### What steps can reproduce the bug?
In a package using package.json…
-
### I've searched open issues for similar requests
Yes
### Is your feature request related to a problem? Please describe.
Sometimes formatters change how they work and updating them results in an u…
-
See https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/
It's way too easy to make what *appears* as a helpful PR contribution but it's way too hard to …
-
Trying to install a package from renv/cellar which installs fine locally: when snapshotting it's not reflected in the lockfile.
Hence when deploying to posit connect, it tries to install the packa…
-
Some TBDs:
- [ ] Lock dynamically imported ts modules. `.ghjk/deno.lock` doesn't track any `await import` items.
- [x] Improve shape to minimize line counts. The current json files as printed bloa…