New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: properly update lockfile v2 #3091
Conversation
Can we merge this PR and release a version ? Its a must have for us. |
I'm not hopeful it'll be merged anytime soon, last commit to this repo was over a year ago. That said, I had success using patch-package to apply this fix. |
note that this fix, and other code change around npm package-lock, were added to Lerna-Lite fork if that is any helpful. |
npm's lockfile v2 adds a new top-level key: packages. This is not really noteworthy except for the fact that the first entry in there is a copy of the package this lockfile is for, stored in the key `""`, and this copy _also_ has a version key. This commit checks for and updates that key (`packages."".version`) if it exists. Fixes #2832.
Hi @simon-abbott 👋 Thank you very much for taking the initiative to contribute this PR! You may or may not know that lerna is now under the stewardship of Nrwl (announcement here #3121), a company with a long history of not just producing valuable open-source software (OSS), but also backing others (at the time of writing, Nrwl has donated over $50,000 to OSS it hasn't created, see https://opencollective.com/nx for full details). Quite simply, Nrwl ❤️ OSS, and is committed to making lerna the best it can be. We use it ourselves. We hope you will continue to be a part of this community as we look to take things forward from here! Please see #3140 for more details on our plans for 2022. Many thanks again 🙏 |
Description
npm's lockfile v2 adds a new top-level key: packages. This is not really noteworthy except for the fact that the first entry in there is a copy of the package this lockfile is for, stored in the key
""
, and this copy also has a version key. This commit checks for and updates that key (packages."".version
) if it exists.Fixes #2832.
Motivation and Context
Using
lerna version
in our CI/CD pipeline is very annoying as after I pull a new version and run install every single lockfile is updated, which shouldn't be necessary. See #2832 for more details.How Has This Been Tested?
I added a new test and ensured that it failed without the change and passed with the change.
Types of changes
Checklist: