Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

feat(version): Update 'version' field of package-lock.json

See original GitHub issue

Expected Behavior

I would expect lerna version to update the version field of package-lock.json files in packages that it updates the version of.

Current Behavior

Currently it seems like lerna version only updates package.json.

Solution

Update the version field in package-lock.json and npm-shrinkwrap.json. Edit: and yarn.lock I guess, and who knows what else, which also might explain why this isn’t currently implemented.

Steps to Reproduce (for bugs)

lerna init
lerna create foo
cd packages/foo && npm install && cd ../.. (generate package-lock.json)
lerna version
grep version packages/a/package{,-lock}.json

lerna.json

{
  "packages": [
    "packages/*"
  ],
  "version": "0.0.0"
}

Context

I haven’t encountered any actual problems with it, but it just looks weird (and it’s wrong too).

Your Environment

Executable	Version
`lerna --version`	`3.13.0`
`npm --version`	`6.9.0`
`yarn --version`	N/A
`node --version`	`v11.11.0`

OS	Version
NAME	VERSION
Debian	8.2.0-14

Issue Analytics

State:
Created 5 years ago
Reactions:12
Comments:12 (4 by maintainers)

Top GitHub Comments

2reactions

lizardrusscommented, May 8, 2019

I can offer some details for whoever might decide to work on a PR for this. There are two points in the lifecycle in which a package-lock.json might be updated. The first is version, which has already been discussed. The second is after publish, where freshly published dependencies now have a new integrity hash.

The publish work around that I’ve had success with is this script:

#! /bin/bash
lerna publish --yes --no-push
lerna exec -- npm install --package-lock-only --ignore-scripts --no-audit
git add **/package-lock.json
git commit --amend --no-edit
VERSION=`node -pe "require('$PWD/package.json').version;"`
git tag -f "v${VERSION}"
git push --follow-tags

A quick summary is that --no-push will make lerna skip the git tag and push during publish so that the script can update the package-lock.json files, amend the commit, tag, and finally push.

The above script only works for a project using fixed versions.

I would love to see this added to lerna, but I may not have time to submit a PR myself. I hope this helps someone who does!

0reactions

evocateurcommented, Oct 21, 2019

v3.18.2

Top Results From Across the Web

package-lock.json - npm Docs

Dependency objects have the following fields: version: a specifier that varies depending on the nature of the package, and is usable in fetching...

Frequently Asked Questions - semantic-release

As the @semantic-release/npm plugin uses the npm CLI to update the package.json version and publish the package, all npm hook scripts will be...

How to update version of a package in package-lock.json and ...

Now it works different, if you notice package versions in package lock.json have a prefix, sometimes its ~ sometimes ^ , they have...

The Complete Guide to package-lock.json - Medium

package.json · The dependencies object contains the package name mapped to the version range · Different symbols denote different version updating strategies.

Java (programming language) - Wikipedia

Java is a high-level, class-based, object-oriented programming language that is designed to ... As of September 2022, Java 19 is the latest version,...