Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[feature] prevent lerna from making lock files

See original GitHub issue

Expected Behavior

I expect lerna not to make package-lock.json files by default (see https://github.com/lerna/lerna/issues/2515), as these are not published with packages.

At the very least, I expect Lerna to at least read the .npmrc of my packages and see that they have package-lock=false.

Current Behavior

Even with .npmrc specifying package-lock=false, Lerna still creates package-lock files.

To work around the problem, I also list package-lock.json in my .gitignore files.

Possible Solution

Lerna could avoid creating package-locks by default, provide a CLI option for it, and also read the package-lock value in .npmrc files of each project (or similar for config files of other package managers). The CLI option would override any value from .npmrc files (or similar for other package managers).

Lerna version: 3.20.2

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5

github_iconTop GitHub Comments

2reactions
trusktrcommented, Mar 29, 2020

I discovered from the error output in https://github.com/lerna/lerna/issues/2517 that lerna version tries to add lock files using git add. That’s also undesirable.

I took a look at bootstrap options, but I didn’t see anything about not making lock files. But now that I realize lerna version is also trying to commit them, maybe there’s an overall configuration option that I missed?

1reaction
matthias-ccricommented, Feb 19, 2021

Adding package-lock.json to .gitignore is worse, because

  1. You still have a package-lock.json. Adding it to gitignore doesn’t actually remove it.
  2. Now developers will have different package-lock.json files. Therefore you get “works on my machine” situations from differing npm installs.
  3. If something breaks, there’s no diff to see what changed. No easy way to roll back to a “known good” version. Harder debugging.
Read more comments on GitHub >

github_iconTop Results From Across the Web

How to prevent Travis-CI generate yarn.lock OR how to ignore ...
I have a monorepo project setup using Lerna and use Travis-CI to automatically publish canary version after after all tests passed. The problem ......
Read more >
Configuration Options - Renovate Docs
This feature can be used to refresh lock files and keep them up-to-date. "Maintaining" a lock file means recreating it so that every...
Read more >
Lerna reborn — What's new in v6?. Lerna v6 is out ... - Nx Blog
As a result, with v6 all Lerna workspaces have the useNx set to true by default even if you don't have it in...
Read more >
Things I wish I had known when I started JavaScript monorepo ...
My prior experience with building a monorepo was creating a git ... None of the packages should have a package-lock.json file present.
Read more >
Workspaces in Yarn | Yarn Blog
To make the process easier, some big projects adopted a monorepo approach, ... In a nutshell, Lerna calls yarn/npm install for each package ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[feature] support for git submodules

Next page

--ci should be the default, both locally and on CI servers