New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: add script to update package-level package-lock.json #2583
Conversation
"update-template-deps": "node bin/update-template-deps -f", | ||
"update-greenkeeper-json": "node bin/update-greenkeeper-json -f", | ||
"sync-dev-deps": "node bin/sync-dev-deps", | ||
"version": "npm run update-template-deps && npm run apidocs", | ||
"version": "npm run update-package-lock-json && npm run update-template-deps && npm run apidocs", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does running update-template-deps
before or after update-package-lock-json
make any difference to the package-lock.json
files that are updated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not really. But updating package-lock.json files has more chances to fail than update-template-deps
.
f3fee22
to
5c8d537
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 馃憤
"path-key": { | ||
"version": "2.0.1", | ||
"resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz", | ||
"integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is not right. Package lock should not list local dependencies that are linked within monorepo.
In the current setup, npm i
(lerna bootstrap
) installs monorepo-local packages from the npm registry and replaces any links created by lerna
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the record, npm i
does not update package-lock.json for me even after I added new dependencies to a package.json. That's what led me to discover the issue and put a workaround.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems that lerna clean && lerna bootstrap --no-ci
does update package-lock.json for all leaf packages. I'll open a PR to use it.
@raymondfeng I feel this change is very likely going in a wrong direction. Why is it necessary to update package-lock files when we are making new releases? The lock files are not supposed to contain entries for dependencies resolved via symlinks by lerna. I am fixing the immediate problem in #2593. I think we should also revert the changes made in |
I wanted to make sure package-lock.json files are up-to-date respecting package.json. For example, if I add a new dependency to |
This PR adds a npm script to update package-level package-lock.json files as
lerna bootstrap
does not do so. See lerna/lerna#1415 (comment) for more details.Checklist
馃憠 Read and sign the CLA (Contributor License Agreement) 馃憟
npm test
passes on your machinepackages/cli
were updatedexamples/*
were updated