Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local package.json are altered when --lockfile-only and readPackage are used together #5670

Closed
Silic0nS0ldier opened this issue Nov 23, 2022 · 1 comment · Fixed by #5678
Closed

Local package.json are altered when --lockfile-only and readPackage are used together #5670

Silic0nS0ldier opened this issue Nov 23, 2022 · 1 comment · Fixed by #5678
Labels
type: bug
Milestone
v7.17

Comments

@Silic0nS0ldier
Copy link
Sponsor Contributor

Silic0nS0ldier commented Nov 23, 2022
edited

pnpm version: 7.16.0

Code to reproduce the issue:

foo/package.json

{
  "name": "foo"
}

.pnpmfile.cjs

module.exports = {
  hooks: {
    readPackage(pkg, ctx) {
      pkg.dependencies = {
        lodash: "*"
      };
      return pkg;
    }
  }
}

pnpm-workspace.yaml

packages:
  - foo
  1. pnpm i --lockfile-only to generate pnpm-lock.yaml
  2. pnpm i --lockfile-only to trigger package.json mutation bug

Expected behavior:

pnpm-lock.yaml and package.json which have invalid state are updated.

Actual behavior:

pnpm-lock.yaml and all package.json modified in readPackage hook are updated with changes from readPackage.

Note that this behavioural difference is different from running pnpm install alone.

Additional information:
@Silic0nS0ldier
Copy link
Sponsor Contributor Author

I'm still not sure why pnpm-lock.yaml is required for the bug to manifest, but I did manage to fix the issue. I'll have a PR up later today.

@Silic0nS0ldier Silic0nS0ldier mentioned this issue Nov 24, 2022
Merged
zkochan pushed a commit that referenced this issue Nov 26, 2022
@Silic0nS0ldier
fix: --lockfile-only and readPackage hook modifying workspace pac…
868f2fb 
…kages (#5678)

close #5670
@zkochan zkochan added this to the v7.17 milestone Dec 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
v7.17
Development

Successfully merging a pull request may close this issue.

fix: --lockfile-only and readPackage hook modifying workspace packages Silic0nS0ldier/pnpm
2 participants
@zkochan @Silic0nS0ldier