Open 35ujq435jq45 opened 1 year ago
One easy fix would be to update the --help
message and documentation for --lockfile-only
and --frozen-lockfile
.
How would you do this with npm or Yarn?
One workaround we want to try out is using the 'afterAllResolved' hook in .pnpmfile.cjs to kill pnpm
.
I think we can add something like pnpm install --check
or pnpm check
That would be awesome. I think all we need to do for this is to exit after the resolution step (afterAllResolved).
+1 Would be usefull
pnpm version: 7.26.1
Code to reproduce the issue:
pnpm install --frozen-lockfile --lockfile-only
Expected behavior: Lockfile is frozen and won't get modified.
Actual behavior: Lockfile is updated.
Additional information:
We want to verify our lockfile. That should include linting and verifying it against all package.json files in our repository. Since pnpm doesn't provide a
--dry-run
/--simulate
option, we have to runpnpm install --frozen-lockfile
. However, this will install all dependencies which we don't need/want. Hence, we added the--lockfile-only
flag. However, it seems that this flag overrides the--frozen-lockfile
flag which is undocumented behavior:node -v
prints: v16.15.0