Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
lerna bootstrap modifies package-lock.json files
See original GitHub issueOur project have several packages: A B C depends on A & B D depends on A, B & C
all packages have package-lock.json file.
When running lerna --bootstrap
Expected Behavior
symbolic links should be created. package-lock.json should not be modified (only when running lerna publish, package-lock.json should be modified)
Current Behavior
symbolic links are created. package-lock.json files are modified, removing references of all local packages.
Workaround:
running
lerna exec --concurrency 1 git checkout -- package-lock.json
right after lerna bootstrap to correct package-lock.json files
Environment info:
System: OS: Windows 10 10.0.17134 CPU: (8) x64 Intel® Core™ i7-8650U CPU @ 1.90GHz Binaries: Node: 12.15.0 - C:\Program Files\nodejs\node.EXE npm: 6.13.7 - C:\Program Files\nodejs\npm.CMD Utilities: Git: 2.25.0. npmPackages: lerna: 3.20.2 => 3.20.2
Issue Analytics
- State:
- Created 4 years ago
- Reactions:10
- Comments:13
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
lerna bootstrapis just callingnpm installunder the hood after removing local packages from the package.json. So, expect your package-lock.json file to change per npm’s algorithm.Use
lerna bootstrap --cito prevent the package-lock.json changes.We have encountered a similar “issue”.
It seems the
lerna bootstrapcommand is functioning as intended. In our case we have this scenario:npmlerna bootstrap --hoistWhen cloning the repo, we were having users run
npm install. The issue with this, is that it will completely rewrite the rootpackage-lock.jsonfile to only have the dependencies specified at the root. This removes the entries written to the lock file withlerna bootstrap --hoist. Then, when a user runslerna bootstrap --hoistthey get every single dependency with a^in the version updated.Once we started omitting the
npm installstep and requiring a pure clone to usenpx lerna bootstrap --hoistto pull down dependencies, ourpackage-lock.jsonfile started to look like we would expect, with only new additions being new added dependencies.However, this is a little bit unorthodox. Having a repository using
npmbut requiring users to not runnpm installis weird for new users. We have added this to prevent someone from inadvertently runningnpm install:Using
yarnas a package manager somewhat gets around this, because the bootstrap step and the initial install step uses the same (yarn) binary. We haven’t switched to yarn because it doesn’t provide an easy way to run a scoped bootstrap when dependencies are private and not published to any registry.I’d be interested to know if there’s any way to maintain the ability to to a pure
npm installwithout rewriting the rootpackage-lockand thus causinglerna bootstrap --hoistto upgrade all^dependencies.