Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to update workspace package-lock.json after `version` on npm@7

See original GitHub issue

I manage two mono-repo projects (PixiJS and PixiJS Filters) which are both experiencing flavors of the same issue after upgrading to npm@7 workspaces. The package-lock file is not updated after calling lerna version. This creates an unclean git environment when CI attempts to publish resulting in a blocked publish (see example).

Expected Behavior

After doing lerna version, the package-lock.json should be updated to reflect the version number bumps in the packages and included in the tag.

Current Behavior

package-lock.json is not updated, and version numbers on workspace packages reflect the previous versions. Subsequent npm installs create a change in the package-lock.json.

Possible Solution

I tried unsuccessfully add a hook to bump the lock: "postversion": "npm i --package-lock-only" But this errored Failed to exec postversion script

Maybe having a pretag lifecycle hook would help to add this?

Steps to Reproduce (for bugs)

  1. git clone git@github.com:pixijs/filters.git 2.npm install
  2. npm run release -- --no-push --force-publish (notice no package-lock.json changes in tag)
  3. npm install (notice package-lock.json is updated)
lerna.json

<!-- Please paste your `lerna.json` here -->

lerna-debug.log

<!-- If you have a `lerna-debug.log` available, please paste it here -->
<!-- Otherwise, feel free to delete this <details> block -->

Context

Your Environment

Executable Version
lerna --version v4.0.0 & v3.13.4
npm --version v7.11.2
yarn --version n/1
node --version v12.18.1
OS Version
macOS BigSur 11.2.3

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:3
  • Comments:10 (5 by maintainers)

github_iconTop GitHub Comments

4reactions
andyjycommented, Oct 28, 2021

Same issue, I was able to come up with what felt like a ‘cleaner’ workaround:

Just add a version npm script to the root package.json:

  "scripts": {
     ...
     "version": "npm install --package-lock-only && git add package-lock.json"
   }

…turns out this (npm run version) is called automatically by Lerna “AFTER bumping the package version, but BEFORE commit”

(which I initially discovered by reading the lerna version source code, before realising is actually documented in the “Lifecycle scripts” section of the version command 🤦‍♂️ ).

Thanks @bigtimebuddy for the original issue and workaround above - which gave me a strong head-start to understand what was up 😃

(Looks like this could be a duplicate of https://github.com/lerna/lerna/issues/2879)

3reactions
bigtimebuddycommented, May 3, 2021

Sharing my workaround. This, however, should probably be Lerna’s responsibility to play well with npm 7.

Before

lerna version

After

# Ignore Lerna's tag and push
lerna version --no-push --no-git-tag-version

# Get the current tag version
tag=v$(node -e "process.stdout.write(require('./lerna.json').version)");

# Update the lock file here
npm i --package-lock-only

# Auto-tag and auto-commit like usual
git commit --all -m ${tag}
git tag -a ${tag} -m ${tag}
git push --tags
git push
Read more comments on GitHub >

github_iconTop Results From Across the Web

npm install not creating a new package-lock.json
I'm working with a project that requires running npm ci which fails because there's no package-lock file - so why would the maintainers...
Read more >
package-locks
Using a locked package is no different than using any package without a package lock: any commands that update node_modules and/or package.json 's...
Read more >
npm-update
This command will update all the packages listed to the latest version (specified by the tag config), respecting the semver constraints of both...
Read more >
package-lock.json
json . It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate...
Read more >
npm-install
The --package-lock-only argument will only update the package-lock.json , instead of checking node_modules and downloading dependencies. The -f or --force ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Lerna v4 leaves orphaned child processes

Next page

Lerna import does not correctly import the file tree