-
Notifications
You must be signed in to change notification settings - Fork 587
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[rush-lib] Fix Set ignore-compatibility-db=true when rush installation #3575
[rush-lib] Fix Set ignore-compatibility-db=true when rush installation #3575
Conversation
Hello! @sherlockfeng, @octogonz |
This is a regression, thanks for reporting! |
i found that ignore-compatibility-db only supported in .npmrc, i will fix it today~ |
🚀 This fix was released with |
@octogonz Hi, any guesses? I also noticed the lock file gets changed after The lock file is not changed and I can commit with previous versions, e.g. 5.74.0 and 5.75.0. P.S. I also did |
Inspected 3 tarballs from npm (5.75.0, 5.76.0, 5.76.1) - couldn't find anything suspicious (well, at least from my point of view) |
@TheBit After an NPM package gets published, It seems to be installing fine for me, for example: PR #3580
This is by design:
Details in this GitHub issue: PNPM mysteriously installs unrelated packages · Issue #5132 · pnpm/pnpm (github.com) In a nutshell, if you are using PNPM Rush 5.76.0 disables this behavior. Disabling it will cause lockfile churn for people whose lockfiles were influenced by those fixups. The workaround would be to use We should call this out more clearly and provide better docs. I'll do that tonight. |
@octogonz thanx! It works now. It looks like I was rushing too much with the Rush ;) |
Background
When using different versions of pnpm to install in TTFE Monorepo. There are unwanted package changes in lockfile. The reason is that pnpm bundled @yarnpkg/package-extensions, which mysteriously installs unrelated packages.
Related issue:
PNPM mysteriously installs unrelated packages · Issue #5132 · pnpm/pnpm (github.com)
Zoltan, added a new "ignore-compatibility-db" settings to disable this behaviour 6.34.0 and 7.9.0-0
For Rush.js side, we do the following things:
"rush install/update" should always set "ignore-compatibility-db=true". It's unconditional because Rush's recommended way to use compatibility db would be to copy+paste the settings to "pnpm.packageExtensions" or "pnpmfile.cjs". (The rules must be stored in Git rather than installed via NPM).
Rush should print some kind of warning if the rush.json pnpmVersion specifies a version affected by this problem.
The affected versions are ">=6.32.12" and >= 7.0.1, and then < 6.34.0 and < 7.9.0-0 version
The message will be like: Warning: Your rush.json specifies a pnpmVersion with a known issue that may cause unintended version selections. It's recommended to upgrade to PNPM >=6.34.0 or >=7.9.0. For details see: https://rushjs.io/link/pnpm-issue-5132