lerna add
ignores npmrc settings in monorepo root
#1990
Labels
scope: package management
Issues with the bootstrap/add/link commands that relate to package management
On my machine, I am using the following npm configuration:
Config in home (
~/.npmrc
):Config in our monorepo (https://github.com/strongloop/loopback-next/blob/master/.npmrc):
When I run
lerna add {pkg}
in a monorepo, no package-lock file is created in packages. I have to copy monorepo's.npmrc
files into all packages to enable package-lock feature packages too.Expected Behavior
When
lerna
executesnpm
commands in a package directory, then it appliesnpm
configuration specified in monorepo's root directory.Current Behavior
The configuration specified in monorepo's root directory is applied only when executing
npm
in the monorepo scope. Projects using custom npm configuration must duplicate this config in every package directory.Possible Solution
lerna bootstrap
can create symlinks to distribute monorepo's npm configuration to all packages. This would not allow individual packages to further override config shared in the monorepo.Commands like
lerna add
can merge the content of.npmrc
files at monorepo-level and package-level before calling out tonpm
and then revert the changes afternpm
returns. We are already doing something similar withpackage.json
files when installing dependencies.Once npm adds support for workspaces, this problem may go away automatically 🤞
Steps to Reproduce (for bugs)
Disable package-lock in your user-level npm config file (
~/.npmrc
):Create a simple monorepo with few packages. Enable package-lock in monorepo's root
~/.npmrc
file:You can use my sandbox here: https://github.com/bajtos/lerna-package-locks/tree/root-npmrc-ignored
Add a new dependency to all packages (it's important to omit the scope because of
lerna add --scope
does not update package-lock file #1989):Run
git status
to see what has changed:lerna.json
Context
Historically, LoopBack consisted of many individual packages that were intentionally not using package-lock feature. As a module author, I want to always install the latest version of my dependencies, to ensure I use the same versions that consumers of my module would use too. That's why my user-level npm config is disabling package locks.
In loopback-next, our current monorepo codebase, we enabled Greenkeeper to watch new versions of our dependencies. With that watcher in place, we enabled package-lock too, with the motivation to speed up install times.
Unfortunately, to get package locks working on all machines, regardless of the global and user-level config, we have to duplicate
.npmrc
files in all packages of our monorepo.Your Environment
lerna --version
npm --version
yarn --version
node --version
Please note my global npm config in
~/.npmrc
is disabling the package-lock feature.The text was updated successfully, but these errors were encountered: