Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version script removing hoisted dependencies from root package-lock.json #3501

Open
AGalabov opened this issue Jan 18, 2023 · 2 comments
Open

Version script removing hoisted dependencies from root package-lock.json #3501

AGalabov opened this issue Jan 18, 2023 · 2 comments
Labels
type: bug

Comments

@AGalabov
Copy link

Current Behavior

When using lerna bootstrap --hoist the root level package-lock.json contains all of the installed dependencies. And if that is the accepted approach in a project then there is a problem when using lerna version.

Since the following PR an npm i is being used at root level after the version script. This leads to only the root dependencies being listed in the package-lock.json which would break further usages of lerna bootstrap --hoist (since it would install the latest allowed dependencies). This is also mentioned in a comment in the PR

The current workaround that we've ended up with is adding the following to our lerna.json

    "version": {
      "npmClientArgs": [
        "--dry-run"
      ]
    }

However this is a workaround and not the ideal fix in this case.

Expected Behavior

This is a regression as there were no such problems before version 5.4.2!

I would expect the additional npm i to be an opt-in feature or at least a flag that allows us to opt-out.

Steps to Reproduce

  1. Create a monorepo with 2 packages. Each package has a bunch of dependencies (not important which).
  2. On the root level package.json add only lerna as a dev dependecy
  3. Run lerna bootstrap --hoist --strict
  4. Verify that the package-lock.json on root level contains all dependencies from all packages
  5. Run lerna version prerelease --preid=alpha --no-git-tag-version --no-commit-hooks --no-push --yes
  6. Verify that only the root level dependencies are apparent in package-lock.json while the package specific ones are removed.
{
  "version": "26.0.0-alpha.1",
  "npmClient": "npm",
  "packages": [
    "packages/*"
  ],
  "command": {
    "publish": {
      "message": "Version %s",
      "exact": true,
      "registry": "omitted"
    }
  }
}

Environment

  System:
    OS: Linux 5.15 Ubuntu 22.04.1 LTS 22.04.1 LTS (Jammy Jellyfish)
    CPU: (8) x64 Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
  Binaries:
    Node: 18.12.1 - ~/.nvm/versions/node/v18.12.1/bin/node
    Yarn: 1.22.11 - ~/.npm-global/bin/yarn
    npm: 8.19.2 - ~/.nvm/versions/node/v18.12.1/bin/npm
  Utilities:
    Git: 2.34.1 - /usr/bin/git
  npmPackages:
    lerna: ~6.3.0 => 6.3.0
@AGalabov
Copy link
Author

Any update on that?

@fahslaj
Copy link
Contributor

fahslaj commented Jun 28, 2023

Hi @AGalabov , lerna bootstrap is part of Lerna's legacy package management features and is no longer the recommended way of managing packages within a Lerna monorepo. See the legacy package management docs for an in-depth explanation of why this is the case and how to replace lerna bootstrap with npm/yarn/pnpm workspaces. When using the modern workspaces solution for package management, this behavior should not be an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fahslaj @AGalabov