Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The includeDevDependencies option results in incorrect lockfile #120

Open
RDeluxe opened this issue Jan 6, 2025 · 3 comments
Open

The includeDevDependencies option results in incorrect lockfile #120

RDeluxe opened this issue Jan 6, 2025 · 3 comments

Comments

@RDeluxe
Copy link

RDeluxe commented Jan 6, 2025

  • PNPM 9
  • node 22

I've got an app A which uses B as a dependency (using pnpm workspace).
I need the devDeps of A to be included in my CI, so I used the includeDevDependencies flag. The deps are correctly kept in package.json and pnpm-lock.yaml

However, the devDependencies of B are also kept in the pnpm-lock.yaml, but are not kept in B's package.json.

Creating a isolate.config.json file with {includeDevDependencies: true} in B does not change this behaviour.

I guess the most simple choice would be to trim all devDependencies except those of the isolated package in pnpm-lock.yaml?

@0x80
Copy link
Owner

0x80 commented Jan 6, 2025

@RDeluxe The feature was aimed solely at keeping the dev dependencies for you main package (A).

I struggle to see the use-case for needing dev dependencies for sub-dependencies.

As far as the lockfile goes, I suspect it was just easy to keep all the dev dependencies in there. I personally do not see the problem with having them in the lockfile.

Could you elaborate on why you need the dev dependencies from your internal / sub-dependencies?

@RDeluxe
Copy link
Author

RDeluxe commented Jan 6, 2025

Hello!

I agree, I feel like it should only keep the devDeps of the main package.

But having all devDeps in the lock file will throw a "frozen lockfile error" with PNPM in CI, which forces me to regenerate a lockfile before install. That partially defeats the purpose of isolating my package.

@0x80
Copy link
Owner

0x80 commented Jan 7, 2025

Ah right, yes it definitely isn't supposed to cause a frozen lockfile error. Seems like this feature was not properly tested at the time, and possibly you are the first to use it 😄

@0x80 0x80 changed the title includeDevDependencies includes deps devDependencies in lockfile but removes them from package.json The includeDevDependencies option results in incorrect lockfile Jan 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants