Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support to pnpm-lock.yaml file #853

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

add support to pnpm-lock.yaml file #853

wants to merge 2 commits into from

Conversation

lapa182
Copy link

@lapa182 lapa182 commented Nov 10, 2023

This pull request adds support to the pnpm-lock.yaml files.

I've updated the tests to also support this change, please let me know if there's anything further to apply this change to chromatic-cli!

Relates to issue #785

@lapa182 lapa182 changed the title add support pnpm-lock files add support to pnpm-lock.yaml file Nov 10, 2023
@tevanoff tevanoff added the minor Auto: Increment the minor version when merged label Nov 14, 2023
@tevanoff
Copy link
Contributor

Thanks for the PR @lapa182! We'll take a look at this ASAP.

@Obi-Dann
Copy link

I am trying these changes in our setup. I don't think it will work because snyk-nodejs-lockfile-parser does not support pnpm. It will likely report an error from

chromatic-cli/node-src/lib/getDependencies.ts

Line 28 in 602d90c

const headTree = await buildDepTreeFromFiles(rootPath, manifestPath, lockfilePath, includeDev); 

Unknown lockfile pnpm-lock.yaml. Please provide either package-lock.json or yarn.lock.

snyk/nodejs-lockfile-parser#111

@Obi-Dann Obi-Dann mentioned this pull request Nov 29, 2023
Draft
@lapa182
Copy link
Author

lapa182 commented Nov 29, 2023

@Obi-Dann do you think you could create a specific condition just for PNPM and use https://www.npmjs.com/package/@pnpm/lockfile-file to parse the lock file just for pnpm? 🤔

@tevanoff
Copy link
Contributor

Thanks @Obi-Dann! You're right, this won't change the current behavior since it won't be able to parse the pnpm lock file. It will fall back to looking at package.json which is what happens currently when it can't find the lock file at all.

@lapa182 that pnpm library looks promising, but we haven't yet dug into it enough to know if it will give us what we need. We have a ticket on our end to take a closer look, but I can't say for sure when that will be prioritized. I'll see if I can get some traction on that. Thanks!

@kevinlandsberg
Copy link

kevinlandsberg commented Feb 29, 2024
edited

Having the same issue...please fix this! ❤️

@milahu
Copy link

milahu commented Mar 27, 2024
edited

const headTree = await buildDepTreeFromFiles(rootPath, manifestPath, lockfilePath, includeDev);

related: my parse-package-lock is a generic lockfile parser for npm, yarn, pnpm
to provide a generic interface to @npmcli/arborist, @yarnpkg/parsers, @pnpm/lockfile-file

but it does not return a tree of dependencies
its a stream parser that calls

eventHandlers.enterPackage(packageData);
// recurse into dependencies of this package
eventHandlers.leavePackage(packageData);

i started this 2 years ago because i was not happy with snyk-nodejs-lockfile-parser
also because it does not return the resolved and integrity values of the locked packages

downsides: not used, not tested, abandoned project
i just found this again via my pnpm-install-only
which is a generic package installer for npm, yarn, (not yet pnpm)
using the filesystem layout of pnpm to create a deep tree

edit: https://github.com/antongolub/lockfile is more mature, but has no pnpm support

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ghengeveld ghengeveld Awaiting requested review from ghengeveld

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
minor Auto: Increment the minor version when merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@lapa182 @tevanoff @Obi-Dann @kevinlandsberg @milahu