Open AnomalRoil opened 22 hours ago
@AnomalRoil We use npm ci
when in CI, but npm install
locally: https://github.com/moonrepo/moon/blob/master/legacy/node/tool/src/npm_tool.rs#L201
We do this to handle situations where a package.json dependency was changed some where, but the install hasn't occurred yet, resulting in an invalid node_modules state.
Describe the bug
When running any tasks in a
npm
project, it seemsmoon
is going to first runnpm install
, butnpm install
is not freezing thepackage-lock.json
files and there are no options to usenpm clean-install
instead. This means sometimesmoon
will randomly decide to change mypackage-lock.json
, make my builds far less deterministic than I'd like.Is this intended or not?
Expected behavior
Running
moon run :build
should build things, not update mypackage-lock.json
.Environment
Additional context
If this is intended, is there any workaround (other than switching to
yarn
and using--frozen-lockfile
if possible) to avoid that behaviour?