
Does lerna support npm 8? (esp. the overrides feature)


I need to use npm 8 for its “overrides” feature (reference: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides) so that I can override a transitive dependency for one of the packages in the monorepo.

Meanwhile, the monorepo is bootstrapped with:

  • hoist
  • force-local

I thought Lerna must have been delegating the install to npm so the overrides should just work, but that’s not the case.

In the package.json of the package, I am trying to override the following:

{
  ...,
  "overrides": {
    "eslint-plugin-json-files": {
      "sort-package-json": {
        "globby": "11.0.0"
      }
    }
  }
}

Expected Behavior

The package-lock.json in the root of the monorepo should have:

{
  "packages": {
    ...,
    "node_modules/sort-package-json": {
      "version": "1.55.0",
      "integrity": "sha512-xhKvRD8WGbALjXQkVuk4/93Z/2NIO+5IzKamdMjN5kn3L+N+M9YWQssmM6GXlQr9v1F7PGWsOJEo1gvXOhM7Mg==",
      "license": "MIT",
      "dependencies": {
        "detect-indent": "^6.0.0",
        "detect-newline": "3.1.0",
        "git-hooks-list": "1.0.3",
        "globby": "10.0.0",
        "is-plain-obj": "2.1.0",
        "sort-object-keys": "^1.1.3"
      },
      "bin": {
        "sort-package-json": "cli.js"
      }
    },
    "node_modules/sort-package-json/node_modules/globby": {
      "version": "11.0.0",
      "integrity": "sha512-iuehFnR3xu5wBBtm4xi0dMe92Ob87ufyu/dHwpDYfbcpYpIbrO5OnS8M1vWvrBhSGEJ3/Ecj7gnX76P8YxpPEg==",
      "license": "MIT",
      "dependencies": {
        "array-union": "^2.1.0",
        "dir-glob": "^3.0.1",
        "fast-glob": "^3.1.1",
        "ignore": "^5.1.4",
        "merge2": "^1.3.0",
        "slash": "^3.0.0"
      },
      "engines": {
        "node": ">=10"
      },
      "funding": {
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    ...
  }
}

Note the “declared” version of "globby": "10.0.0" vs the overridden version "version": "11.0.0" above in the two JSON objects.

Current Behavior

The package-lock.json in the root of the monorepo now has:

{
  "packages": {
    ...,
    "node_modules/sort-package-json": {
      "version": "1.55.0",
      "integrity": "sha512-xhKvRD8WGbALjXQkVuk4/93Z/2NIO+5IzKamdMjN5kn3L+N+M9YWQssmM6GXlQr9v1F7PGWsOJEo1gvXOhM7Mg==",
      "license": "MIT",
      "dependencies": {
        "detect-indent": "^6.0.0",
        "detect-newline": "3.1.0",
        "git-hooks-list": "1.0.3",
        "globby": "10.0.0",
        "is-plain-obj": "2.1.0",
        "sort-object-keys": "^1.1.3"
      },
      "bin": {
        "sort-package-json": "cli.js"
      }
    },
    "node_modules/sort-package-json/node_modules/globby": {
      "version": "10.0.0",
      "integrity": "sha512-3LifW9M4joGZasyYPz2A1U74zbC/45fvpXUvO/9KbSa+VV0aGZarWkfdgKyR9sExNP0t0x0ss/UMJpNpcaTspw==",
      "license": "MIT",
      "dependencies": {
        "@types/glob": "^7.1.1",
        "array-union": "^2.1.0",
        "dir-glob": "^3.0.1",
        "fast-glob": "^3.0.3",
        "glob": "^7.1.3",
        "ignore": "^5.1.1",
        "merge2": "^1.2.3",
        "slash": "^3.0.0"
      },
      "engines": {
        "node": ">=8"
      }
    },
    ...
  }
}

Note that the declared version and the actual installed version are the same, meaning the overrides are not taking effect.

Possible Solution

N/A

Steps to Reproduce (for bugs)

  1. override in package.json in a package
  2. npm install
  3. lerna bootstrap --hoist --force-local

Your Environment

| Executable | Version |
| --- | --- |
| lerna --version | 4.0.0 |
| npm --version | 8.5.0 |
| yarn --version | VERSION |
| node --version | 16.14.2 |

| OS | Version |
| --- | --- |
| macOS Catalina | 10.15.7 |
| NAME | VERSION |

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 1
  • Comments: 5
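
A lockfile check for the situation described in this issue, as an added example (not code from lerna, npm or the issue author): it follows each exact-version entry in `overrides` through the `packages` map of a v2/v3 `package-lock.json`, resolving dependencies the way Node does, and reports pins the lockfile does not honour. The function names and the sample data are assumptions constructed for illustration; ranges and `$` references are skipped because comparing them needs a semver library.

```javascript
// Node-style resolution inside the lockfile "packages" map: try
// <from>/node_modules/<dep>, then walk up one node_modules level at a time.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

// Only exact pins are compared; "$name" references and ranges are skipped.
const EXACT = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
// Returns one record per override that the lockfile does not honour.
// got === null means the package is not in the lockfile at all.
function findIgnoredOverrides(pkgJson, lock) {
  const packages = lock.packages || {};
  const misses = [];
  const check = (path, chain, want) => {
    if (!EXACT.test(want)) return;
    const got = path ? packages[path].version : null;
    if (got !== want) misses.push({ chain: chain.join(" > "), want, got, path });
  };
  const walk = (node, fromPath, chain) => {
    for (const [key, value] of Object.entries(node)) {
      if (key === ".") { check(fromPath, chain, value); continue; } // the parent itself
      const name = key.replace(/(.)@.*$/, "$1"); // "foo@^1" -> "foo", keeps "@scope/foo"
      const path = resolveDep(packages, fromPath, name);
      const next = chain.concat(name);
      if (typeof value === "string") check(path, next, value);
      else if (path) walk(value, path, next);
    }
  };
  walk(pkgJson.overrides || {}, "", []);
  return misses;
}

// Constructed sample data modelled on the issue's snippets (integrity omitted).
const pkgJson = { overrides: { "eslint-plugin-json-files": { "sort-package-json": { globby: "11.0.0" } } } };
const lockWith = (globbyVersion) => ({
  packages: {
    "node_modules/eslint-plugin-json-files": { version: "0.0.0-sample" },
    "node_modules/sort-package-json": { version: "1.55.0" },
    "node_modules/sort-package-json/node_modules/globby": { version: globbyVersion },
  },
});
console.log(findIgnoredOverrides(pkgJson, lockWith("10.0.0"))); // one miss: got 10.0.0
console.log(findIgnoredOverrides(pkgJson, lockWith("11.0.0"))); // []
```

Run it in CI against the root `package.json` and `package-lock.json`, which is where npm reads `overrides`, and fail the build when the returned array is non-empty.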

Top GitHub Comments

1 reaction
ghiscoding commented, May 18, 2022

@garrychnca hey, so I am recently in the process of migrating a monorepo from yarn workspaces to pnpm workspaces and had to use the override, which is nearly identical to npm's. It wasn’t working when I tried to set it in the package.json of that package, but it started to work after I tried the same override in the root package.json of the monorepo. If you’re using npm 8 then you don’t really need to use lerna bootstrap anymore; just use npm 8 workspaces and the override will work as expected (at least in the root it worked for me). I’m using Lerna-Lite and there’s no lerna bootstrap command (no longer necessary with newer package managers), and the override is working fine from what I can see. I also assume that Lerna would work just the same if you use the package manager workspaces instead of lerna bootstrap.

0 reactions
JamesHenry commented, Nov 29, 2022

Hi Folks 👋

Please take a look at our published roadmap for Lerna v7 here: https://github.com/lerna/lerna/discussions/3410

One of the key items covered at length on there (please do read it for full context) is that now that we find ourselves in late 2022, it no longer makes sense for lerna to supplement package management concerns (such as installation, bootstrapping, linking etc.) which are covered reliably for monorepo workspaces by the three main package managers: npm, yarn and pnpm. lerna bootstrap et al. were developed in a completely different era of the JavaScript ecosystem.

If you have any specific concerns please do join in on that discussion, and provide as much context as possible.

Many thanks 🙏
