lerna add --scope does not update package-lock file

[bajtos]

When adding a new dependency to a single package using lerna add --scope {name} {dep}, the file packages/{name}/package-lock.json is not updated.

Strangely enough, when adding the same dependency to all packages (omitting --scope argument), package locks are updated correctly.

Expected Behavior

When npm's package-lock feature is enabled, then lerna add should always update corresponding package-lock.json files, regardless of whether --scope argument was used or not.

Current Behavior

• lerna add --scope {name} {dep} does not update packages/name/package-lock.json file.

Possible Solution

The same solution that's already in place for lerna add with no scope?

Steps to Reproduce (for bugs)

1. Create a simple monorepo. I created a sandbox you can use yourself:

   https://github.com/bajtos/lerna-package-locks/tree/lerna-add

2. Run the following command:

   $ lerna add --scope app p-event
   

3. Run git status to see what has changed:

   $ git status
   (...)
       modified:   packages/app/package.json
   

lerna.json

{
  "lerna": "3.3.0",
  "packages": [
    "packages/*"
  ],
  "version": "independent"
}

Context

I ran into this issue after we have recently enabled package-lock feature in https://github.com/strongloop/loopback-next and found out that we don't know how correctly add new dependencies to our packages.

Your Environment

Executable	Version
lerna --version	3.13.1
npm --version	6.9.0
yarn --version	n/a
node --version	v10.15.0

OS	Version
macOS Mojave	10.14.3

Please note my global npm config in ~/.npmrc is disabling the package-lock feature. The sandbox in https://github.com/bajtos/lerna-package-locks/tree/lerna-add is explicitly enabling it by including .npmrc files in all places where it's needed.

[endreymarcell]

My team's also missing this. We might be able to take a stab at a PR at some point, but until then, I just created these patches with patch-package:

• @lerna+add+3.11.0.patch

diff --git a/node_modules/@lerna/add/index.js b/node_modules/@lerna/add/index.js
index 8dc4a05..07e7494 100644
--- a/node_modules/@lerna/add/index.js
+++ b/node_modules/@lerna/add/index.js
@@ -96,6 +96,8 @@ class AddCommand extends Command {
     if (this.options.bootstrap !== false) {
       chain = chain.then(() => {
         const argv = Object.assign({}, this.options, {
+          lock: true,
+          includeFilteredDependencies: true,
           args: [],
           cwd: this.project.rootPath,
           // silence initial cli version logging, etc

• @lerna+bootstrap+3.11.0.patch

diff --git a/node_modules/@lerna/bootstrap/command.js b/node_modules/@lerna/bootstrap/command.js
index e984cc4..c7924ce 100644
--- a/node_modules/@lerna/bootstrap/command.js
+++ b/node_modules/@lerna/bootstrap/command.js
@@ -16,6 +16,11 @@ exports.builder = yargs => {
       "# execute `npm install --no-optional` in bootstrapped packages"
     )
     .options({
+      lock: {
+        group: "Command Options:",
+        describe: "Update package-lock.json files as well.",
+        type: "boolean",
+      },
       hoist: {
         group: "Command Options:",
         describe: "Install external dependencies matching [glob] to the repo root",
diff --git a/node_modules/@lerna/bootstrap/index.js b/node_modules/@lerna/bootstrap/index.js
index 9fdd636..3b02458 100644
--- a/node_modules/@lerna/bootstrap/index.js
+++ b/node_modules/@lerna/bootstrap/index.js
@@ -38,7 +38,7 @@ class BootstrapCommand extends Command {
   }
 
   initialize() {
-    const { registry, npmClient = "npm", npmClientArgs = [], mutex, hoist, nohoist } = this.options;
+    const { registry, npmClient = "npm", npmClientArgs = [], mutex, hoist, nohoist, lock } = this.options;
 
     if (npmClient === "yarn" && hoist) {
       throw new ValidationError(
@@ -167,8 +167,10 @@ class BootstrapCommand extends Command {
         // an explicit --scope, --ignore, or --since should only symlink the targeted packages, no others
         this.targetGraph = new PackageGraph(filteredPackages, "allDependencies", this.options.forceLocal);
 
-        // never automatically --save or modify lockfiles
-        this.npmConfig.npmClientArgs.unshift(npmClient === "yarn" ? "--pure-lockfile" : "--no-save");
+        // never automatically --save or modify lockfiles, unless requested
+        if (!lock) {
+            this.npmConfig.npmClientArgs.unshift(npmClient === "yarn" ? "--pure-lockfile" : "--no-save");
+        }
 
         // never attempt `npm ci`, it would always fail
         if (this.npmConfig.subCommand === "ci") {

[evocateur]

That patch looks like a great start on the PR. :)

[evocateur]

@bajtos I'm fairly certain 71174e4 is the root cause here (active since lerna v3.10.3). Omitting --scope and succeeding is even more confirmation of my suspicion. Working on a patch now.

[evocateur]

Fix published in v3.14.0

[bajtos]

Based on my current understanding, I agree the problem was most likely introduced by 71174e4.

Possibly related: #2104

If/when my pull request lands, then it may be possible to solve the problem reported in this issue by adding --force-local parameter, as in

lerna add --force-local --scope {name} {dep}

Honestly, I feel it was a mistake to land 71174e4 and change behavior of so many unintended places. I would prefer if the new behavior introduced by 71174e4 would require a new CLI flag to be enabled, and not the other way around.

[krzysztof-grzybek]

@bajtos Shouldn't this issue be reopened? I just encountered this issue with yarn in lerna@3.21.0

[flashbackzoo]

I'm getting this too with yarn@1.22.4 and lerna@3.20.2

[cathykc]

Same here with lerna@3.22.1. Using npm and not yarn

[Edge00]

Same here with lerna@3.22.1. Using npm