search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.45k stars 2.73k forks source link

make `--pure-lockfile` default for `install` #570

Closed bestander closed 8 years ago

bestander commented 8 years ago

Do you want to request a feature or report a bug?

feature

What is the current behavior?

Not passing --pure-lockfile for install command confuses me because it modifies the lock file while installing node_modules. We agreed on semantics that add/upgrade/remove are to change dependencies and install is to consistently rebuild node_modules from lockfile.

Consistency gets lost when lockfile is modified depending on environment (version of yarn currently installed).

What is the expected behavior?

Not write yarn.lock or package.json when doing yarn install. To update yarn.lock use yarn upgrade

Please mention your node.js, yarn and operating system version.

yarn 0.14

BYK commented 7 years ago

The frozen-lockfile is therefore very helpful on build machine (i.e. jenkins) as those build will fail.

I think we can enable this automatically when we detect we are in CI mode?

k0pernikus commented 7 years ago

@BYK I didn't realize this issue was closed before adding in here. Should I maybe open a new one or can this be reopened?

BYK commented 7 years ago

I'd say open a new one ☺️

trusktr commented 5 years ago

I agree with @thejameskyle and @kittens that yarn.lock should be kept in sync with package.json automatically

Not sure if this has been said, but just in case: you don't have to invalidate the entire yarn.lock when anything in package.json changes. You can invalidate only the dependencies of only packages that were modified inside of package.json. F.e. if you updated only TypeScript, on the dependencies of TypeScript would need to be modified (with considerations respecting other unchanged packages).