Skip to content

fix: lockfile not frozen when prefer-frozen-lockfile is set to true in .npmrc #9072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: lockfile not frozen when prefer-frozen-lockfile is set to true in .npmrc #9072

wants to merge 1 commit into from

Conversation

fa93hws
Copy link

@fa93hws fa93hws commented Feb 10, 2025
edited
Loading

When pnpm lock file is outdated
pnpm i --frozen-lockfile -> ERR_PNPM_OUTDATED_LOCKFILE
CI=1 pnpm i --frozen-lockfile -> ERR_PNPM_OUTDATED_LOCKFILE

However, after
echo prefer-frozen-lockfile=true > .npmrc
pnpm i --frozen-lockfile -> ERR_PNPM_OUTDATED_LOCKFILE
CI=1 pnpm i --frozen-lockfile -> no error

This issue can be reproduced in https://github.com/fa93hws/pnpm-freeze-lockfile-reproduce
After checking out

  • pnpm install --frozen-lockfile failed
  • CI=1 pnpm install success
  • CI=1 pnpm install failed after git reset --hard and comment out prefer-frozen-lockfile=true

After taking a look at the code, it's caused by checking whether the corresponding config is undefined or not. So even the value is set to true explicitly in .npmrc, it's treated as false when deciding whether to freeze lockfile...

@fa93hws fa93hws requested a review from zkochan as a code owner February 10, 2025 05:43
@welcome Welcome
Copy link

welcome bot commented Feb 10, 2025

💖 Thanks for opening this pull request! 💖
Please be patient and we will get back to you as soon as we can.

fa93hws
fa93hws commented Feb 10, 2025
View reviewed changes
__utils__/tsconfig/tsconfig.json
@@ -12,7 +12,8 @@
"removeComments": false,
"sourceMap": true,
"strict": true,
"target": "es2021"
"target": "es2021",
"skipLibCheck": true
Copy link
Author

@fa93hws fa93hws Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No idea why it kept complaining jest error 🤷 . I can't push to remote without it, feel free to remove before merging.

../../../../node_modules/.pnpm/@types+mocha@2.2.48/node_modules/@types/mocha/index.d.ts:66:18 - error TS2300: Duplicate identifier 'afterEach'.

66 declare function afterEach(description: string, callback: (this: Mocha.IBeforeAndAfterContext, done: MochaDone) => any): void;

fa93hws
fa93hws commented Feb 10, 2025
View reviewed changes
pkg-manager/plugin-commands-installation/src/install.ts
Comment on lines +337 to +338
opts.rawLocalConfig['frozen-lockfile'] !== false &&
opts.rawLocalConfig['prefer-frozen-lockfile'] !== false
Copy link
Author

@fa93hws fa93hws Feb 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

when prefer-frozen-lockfile is set to anything other than true or false, it will be treated as the default value which is true.
default value for frozen-lockfile is true on CI as well. Otherwise it will return false anyway.

@zkochan
Copy link
Member

zkochan commented Feb 14, 2025

TBH, I am a bit afraid of these changes as we already had many issues related to this. We might need to do a bigger refactor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zkochan zkochan Awaiting requested review from zkochan zkochan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fa93hws @zkochan