Yarn: `yarn` should not write lockfile

Created on 24 Nov 2016  路  6Comments  路  Source: yarnpkg/yarn

The default behavior of yarn should not be to overwrite the lockfile. Follow up for https://github.com/yarnpkg/yarn/issues/1576#issuecomment-262220595

Reproduce 

git clone [email protected]:vega/vega-lite.git
cd vega-lite
git checkout e430254
yarn
git status

As you can see, the yarn.lock has been overwritten. 

HEAD detached at e430254
Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git checkout -- <file>..." to discard changes in working directory)

    modified:   yarn.lock

no changes added to commit (use "git add" and/or "git commit -a")

I would expect that the yarn.lock file stays untouched.

I'm running yarn v0.17.4.

picture domoritz
👍3

Most helpful comment

Thank you @bestander! That makes complete sense. I don't have the time right now to work on a pr but I'm in favor of showing some kind of explanation.

picture domoritz on 27 Nov 2016
👍4

All 6 comments

I agree, I noticed the same thing and almost filled an issue before finding this one: by default it should behave like with the --pure-lock option.
This is more conservative and ensure that by default, a project works exactly as expected by its developers.

victornoel picture victornoel on 25 Nov 2016

See #570.

sebmck picture sebmck on 25 Nov 2016

@kittens do you realize that @domoritz created this issue because @bestander asked him to do it in #1576, which was created as the result of discussions in #570? :)

victornoel picture victornoel on 25 Nov 2016

As I understand, @kittens created a fix in https://github.com/yarnpkg/yarn/pull/364 so that the lockfile is only written if there exists a version in the lockfile that does not satisfy a version from the package.json. This seems like exactly the expected behavior and I'm not sure whether this is the case in the example above. I should check.

@kittens Given the confusion about this behavior, do you think you can show an explanation in the status message why a lockfile was written? Something along the lines of "Overwrote lockfile because 3 packages didn't satisfy the version in package.json."

domoritz picture domoritz on 25 Nov 2016
👍1

@domoritz, this is expected behavior.
If package.json had changes that yarn.lock does not reflect then a new yarn.lock will be generated and it will rewrite the previous one.
In your case typescript-json-schema@~0.3.2 from package.json is not reflected in the current yarn.lock.

We probably should output the reason why it rewrites yarn.lock(https://github.com/yarnpkg/yarn/blob/master/src/cli/commands/install.js#L533), feel free to send a PR.

bestander picture bestander on 27 Nov 2016

Thank you @bestander! That makes complete sense. I don't have the time right now to work on a pr but I'm in favor of showing some kind of explanation.

domoritz picture domoritz on 27 Nov 2016
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Ambroos picture Ambroos  路  3Comments
ocolot picture ocolot  路  3Comments
seansfkelley picture seansfkelley  路  3Comments
sanex3339 picture sanex3339  路  3Comments
esphen picture esphen  路  3Comments