Closed JamesSingleton closed 3 years ago
Doesn't Lerna support single lockfile at the root (when used only with npm)? Lerna with Yarn workspaces creates single lockfile. Sorry, I'm just not using npm since the first days of Yarn.
Pnpm also supports single root lockfile in monorepos. Not sure if lockfile-lint
supports Pnpm?
@tunnckoCore I believe lerna
behaves differently between yarn
and npm
:
https://github.com/yarnpkg/yarn/issues/5428
As some of these links suggest, having one package-lock.json
or yarn.lock
in a monorepo is not necessarily production ready per package- if each was containerized without a lock file, differing versions resolved in your node_modules
could break your package.
Got it. Thanks for the linked discussions :)
@tunnckoCore no support for pnpm but it shouldn't be hard to add if you wanted to give it a stab
@JamesSingleton if you wanted to provide a glob pattern I'd happily merge it.
@lirantal I'm looked in the source and it's seems easy to add.
We could probably use @pnpm/lockfile-file
, but I don't see exposed api there for "parsing" there is only methods that accept the path to the lockfile. Here, we need the final "parsed" content of the file. /cc @zkochan
And yet, I'm not sure if that the lockfile-lint-api/src/ParseLockfile.js
is the only place that changes are needed.
Sorry, I won't pollute more this thread. Opened https://github.com/lirantal/lockfile-lint/issues/48
Is your feature request related to a problem? Please describe.
Sort of, if you are trying to use the CLI in a lerna repo it doesn't support glob patterns like
lockfile-lint -p packages/*/package-lock.json -t npm -a npm -o https: -c -i
Describe the solution you'd like
Either support multiple paths or glob patterns.
Describe alternatives you've considered
Writing a script to manually loop over all the packages.
Would you entertain a PR that would accomplish this?