Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When "pnpm-lock.yaml" doesn't exist, "pnpm install" should not respect "node_modules/.pnpm-lock.yaml" #1890

Closed
sachinjoseph opened this issue Jun 24, 2019 · 4 comments

Comments

@sachinjoseph
Copy link

sachinjoseph commented Jun 24, 2019

pnpm version: 3.5.3

Code to reproduce the issue:

https://github.com/sachinjoseph/rush-pnpm-bug/tree/pnpm-install-node_modules-lockfile-bug

Repro steps

git checkout pnpm-install-node_modules-lockfile-bug

cd common/temp

  1. pnpm install
    Installs react-focus-lock version 1.17.7

  2. rm .\pnpm-lock.yaml

  3. pnpm install
    Installs react-focus-lock version 1.17.7

  4. rm .\pnpm-lock.yaml
    rm .\node_modules\.pnpm-lock.yaml

  5. pnpm install
    Installs react-focus-lock version 1.19.1

Expected behavior:

If pnpm-lock.yaml doesn't exist, pnpm install should not respect .pnpm-lock.yaml in node_modules folder.
In the repro steps, step 4 should fail.

Actual behavior:

When pnpm-lock.yaml doesn't exist, pnpm install respects .pnpm-lock.yaml in node_modules folder. Step 4 passes when pnpm-lock.yaml doesn't exist.

Additional information:

  • node -v prints: v10.15.3
  • Windows, OS X, or Linux?: Windows 10
@sachinjoseph
Copy link
Author

@zkochan I also have a related question: If pnpm-lock.yaml (and the backup node_modules/.pnpm-lock.yaml) doesn't exist, then are pnpm install and pnpm update expected to behave in the exact same way?

@zkochan
Copy link
Member

zkochan commented Jul 17, 2019

@zkochan I also have a related question: If pnpm-lock.yaml (and the backup node_modules/.pnpm-lock.yaml) doesn't exist, then are pnpm install and pnpm update expected to behave in the exact same way?

yes

@zkochan
Copy link
Member

zkochan commented Jul 17, 2019

I don't think this is an issue. Some users of pnpm set the lockfile config to false, so they don't even get a pnpm-lock.yaml. So for these users, pnpm install would always behave as pnpm update --depth Infinity

@sachinjoseph
Copy link
Author

Okay, thanks. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants