package-lock file isn't updated properly on lockfileVersion 3 #3455
Comments
|
Update on this: lockfile v2 is buggy too. After one BUT after that all consequent version updates fail (the same error: module not found). After investigation I got that Lerna adds
|
|
Yet another update: after Lerna adds Most likely this breaks Lerna's algorithm to detect a package in lockfile. |
|
FYI I discussed this w/ some folks from npm during open office hours and they advised to open an issue as it's two pronged. First here is the link to the open issue in npm npm/cli#5967. and 2nd the feedback is that most likely lerna would need to bump the version in the lockfile as well on top of NPM being defensive. |
Enable CorePack in create-release-pr.yml npm 9.3.1 break lerna lerna/lerna#3455 npm/cli#5967
|
It looks like npm v9.4.2 revert this behavior. 📝 Note
|
|
The underlying issue still stands. |
|
Thanks a lot for providing the example repository! I'm pleased to say that when regenerating your lockfile on node 18.5.0 and npm 9.5.0 and using the latest lerna
|
|
@azu @JamesHenry Thank you for your updates! I confirm that npm 9.4.2+ works like a charm. All updates I made past days (4-5 releases) worked well, all deps and lock-file deps where updated correctly. So yes, this issue is solved. Thanks :) |
Current Behavior
When
package-lock.jsonfile haslockfileVersion===3 then lerna doesn't update packages' version - it causes "No matched version found" error in the end forlerna versioncommand.Expected Behavior
Correct behaviour: support lockfile v3 as it's used by default in the new npm projects. (change
packages.*.version,packages.*.dependencies/devDevendencies.*.version)It isn't regression, v3 was never supported.
Steps to Reproduce
Can you reproduce this on https://github.com/lerna/repro? -
NOI've created my own: https://github.com/philippmalkov/lerna-lockfile-v3-bug-repro
npm ilerna version 1.0.1 --no-pushIt isn't missing package error, it actually comes from that
pkg3@^1.0.1isn't found locally because npm builds its tree from lockfile where root packages show that they'rev1.0.0.If you remove v3 lockfile and replace it with v2 then the same
lerna versioncommand will work fine.Failure Logs / Configuration
lerna-debug.log
0 silly argv { 0 silly argv _: [ 'version' ], 0 silly argv push: false, 0 silly argv lernaVersion: '6.1.0', 0 silly argv '$0': '/Users/ileep/WebstormProjects/testing-monorepo-lockfile-v3/node_modules/.bin/lerna', 0 silly argv bump: '1.0.1' 0 silly argv } 1 notice cli v6.1.0 2 verbose rootPath /Users/ileep/WebstormProjects/testing-monorepo-lockfile-v3 3 info current version 1.0.0 4 silly isAnythingCommitted 5 verbose isAnythingCommitted 1 6 silly getCurrentBranch 7 verbose currentBranch master 8 silly hasTags 9 verbose hasTags false 10 info Assuming all packages changed 11 verbose updated @maybephilipp/pkg1 12 verbose updated @maybephilipp/pkg2 13 verbose updated @maybephilipp/pkg3 14 verbose git-describe undefined => "df4a897" 15 silly git-describe parsed => {"refCount":"3","sha":"df4a897","isDirty":false} 16 info execute Skipping git push 17 info execute Skipping releases 18 silly lifecycle No script for "preversion" in "@maybephilipp/root-pkg", continuing 19 silly lifecycle No script for "preversion" in "@maybephilipp/pkg3", continuing 20 verbose version @maybephilipp/pkg3 has no lockfile. Skipping lockfile update. 21 silly lifecycle No script for "version" in "@maybephilipp/pkg3", continuing 22 silly lifecycle No script for "preversion" in "@maybephilipp/pkg1", continuing 23 silly lifecycle No script for "preversion" in "@maybephilipp/pkg2", continuing 24 verbose version @maybephilipp/pkg1 has no lockfile. Skipping lockfile update. 25 verbose version @maybephilipp/pkg2 has no lockfile. Skipping lockfile update. 26 silly lifecycle No script for "version" in "@maybephilipp/pkg1", continuing 27 silly lifecycle No script for "version" in "@maybephilipp/pkg2", continuing 28 verbose version Updating root package-lock.json 29 error Error: Command failed with exit code 1: npm install --package-lock-only --ignore-scripts 29 error npm ERR! code E404 29 error npm ERR! 404 Not Found - GET https://registry.npmjs.org/@maybephilipp%2fpkg3 - Not found 29 error npm ERR! 404 29 error npm ERR! 404 '@maybephilipp/pkg3@^1.0.1' is not in this registry. 29 error npm ERR! 404 29 error npm ERR! 404 Note that you can also install from a 29 error npm ERR! 404 tarball, folder, http url, or git url. 29 error 29 error npm ERR! A complete log of this run can be found in: 29 error npm ERR! /Users/ileep/.npm/_logs/2022-12-05T07_25_53_783Z-debug-0.log 29 error at makeError (/Users/ileep/WebstormProjects/testing-monorepo-lockfile-v3/node_modules/execa/lib/error.js:60:11) 29 error at handlePromise (/Users/ileep/WebstormProjects/testing-monorepo-lockfile-v3/node_modules/execa/index.js:118:26) 29 error at process.processTicksAndRejections (node:internal/process/task_queues:95:5) 29 error at async Promise.all (index 0)Environment
System:
OS: macOS 13.0
CPU: (10) arm64 Apple M1 Pro
Binaries:
Node: 19.0.1 - ~/.nvm/versions/node/v19.0.1/bin/node
Yarn: 3.2.4 - ~/.nvm/versions/node/v19.0.1/bin/yarn
npm: 9.1.1 - ~/.nvm/versions/node/v19.0.1/bin/npm
Utilities:
Git: 2.37.1 - /usr/bin/git
npmPackages:
lerna: ^6.1.0 => 6.1.0
Relevant issues
Issues for lockfile v2:
#3090
#2832
#3091
#2891
The text was updated successfully, but these errors were encountered: