You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using lerna bootstrap --hoist the root level package-lock.json contains all of the installed dependencies. And if that is the accepted approach in a project then there is a problem when using lerna version.
Since the following PR an npm i is being used at root level after the version script. This leads to only the root dependencies being listed in the package-lock.json which would break further usages of lerna bootstrap --hoist (since it would install the latest allowed dependencies). This is also mentioned in a comment in the PR
The current workaround that we've ended up with is adding the following to our lerna.json
"version": {
"npmClientArgs": [
"--dry-run"
]
}
However this is a workaround and not the ideal fix in this case.
Expected Behavior
This is a regression as there were no such problems before version 5.4.2!
I would expect the additional npm i to be an opt-in feature or at least a flag that allows us to opt-out.
Steps to Reproduce
Create a monorepo with 2 packages. Each package has a bunch of dependencies (not important which).
On the root level package.json add only lerna as a dev dependecy
Run lerna bootstrap --hoist --strict
Verify that the package-lock.json on root level contains all dependencies from all packages
Run lerna version prerelease --preid=alpha --no-git-tag-version --no-commit-hooks --no-push --yes
Verify that only the root level dependencies are apparent in package-lock.json while the package specific ones are removed.
Hi @AGalabov , lerna bootstrap is part of Lerna's legacy package management features and is no longer the recommended way of managing packages within a Lerna monorepo. See the legacy package management docs for an in-depth explanation of why this is the case and how to replace lerna bootstrap with npm/yarn/pnpm workspaces. When using the modern workspaces solution for package management, this behavior should not be an issue.
Current Behavior
When using
lerna bootstrap --hoist
the root levelpackage-lock.json
contains all of the installed dependencies. And if that is the accepted approach in a project then there is a problem when usinglerna version
.Since the following PR an
npm i
is being used at root level after the version script. This leads to only the root dependencies being listed in thepackage-lock.json
which would break further usages oflerna bootstrap --hoist
(since it would install the latest allowed dependencies). This is also mentioned in a comment in the PRThe current workaround that we've ended up with is adding the following to our
lerna.json
However this is a workaround and not the ideal fix in this case.
Expected Behavior
This is a regression as there were no such problems before version 5.4.2!
I would expect the additional
npm i
to be an opt-in feature or at least a flag that allows us to opt-out.Steps to Reproduce
package.json
add only lerna as a dev dependecylerna bootstrap --hoist --strict
package-lock.json
on root level contains all dependencies from all packageslerna version prerelease --preid=alpha --no-git-tag-version --no-commit-hooks --no-push --yes
package-lock.json
while the package specific ones are removed.Environment
The text was updated successfully, but these errors were encountered: