How to have yarn fail on yarn install when package.json and yarn.lock are out of sync?
On a project I have replaced npm with yarn to get the benefits of it, and also enforce our dependencies are locked in via the yarn.lock.
Now, a developer added a library with npm@4, which only changed the package.json, and not of course the yarn.lock.
I would have expected the yarn install command to crash on the build server, yet yarn has the--to me unexpected behavior--of adding those libraries in their most current version and then updating the yarn.lock on the remote:
$ yarn install
[1/4] Resolving packages...
[2/4] Fetching packages...
warning fsevents@1.1.2: The platform "linux" is incompatible with this module.
info "fsevents@1.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.07s.
This contradicts yarn's purpose, as the build job does not push the yarn.lock back to the repository nor should it.
I want each developer to be responsible for the version they are checking in.
Hence, is there a way to have yarn install exit with an error code if the package.json and yarn.lock are out of sync?
You want the --frozen-lockfile parameter:
$ yarn install --frozen-lockfile
yarn install v0.27.5
warning ../package.json: No license field
[1/4] Resolving packages...
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
This was also recently made clear in the docs for yarn install:
yarn install
Install all the dependencies listed within package.json in the local node_modules folder.
The yarn.lock file is utilized as follows:
- If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed, and yarn.lock will be unchanged. Yarn will not check for newer versions.
- If yarn.lock is absent, or is not enough to satisfy all the dependencies listed in package.json (for example, if you manually add a dependency to package.json), Yarn looks for the newest versions available that satisfy the constraints in package.json. The results are written to yarn.lock.
If you want to ensure yarn.lock is not updated, use --frozen-lockfile.
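An added example, not part of the original answer and not Yarn's own code: an offline pre-commit style check for the drift described in the question, where package.json asks for a dependency that has no entry in yarn.lock. It assumes the Yarn v1 lockfile layout (unindented `name@range` entry headers) and only registry dependencies with plain semver ranges; the function names and sample data are constructed for illustration, and `yarn install --frozen-lockfile` on the build server remains the authoritative check.

```javascript
// Added example (not from the original post): offline pre-check for Yarn v1.
// Assumption: yarn.lock entry headers are unindented "name@range" patterns,
// comma-separated, optionally quoted, and terminated by ":".
function lockfilePatterns(lockText) {
  const patterns = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    // Skip blanks, comments and the indented body of each entry.
    if (!line || /^[\s#]/.test(line) || !line.endsWith(':')) continue;
    for (const raw of line.slice(0, -1).split(',')) {
      patterns.add(raw.trim().replace(/^"|"$/g, ''));
    }
  }
  return patterns;
}

// Patterns that package.json asks for but the lockfile has no entry for.
function missingFromLock(pkgJsonText, lockText) {
  const pkg = JSON.parse(pkgJsonText);
  const locked = lockfilePatterns(lockText);
  const missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      const pattern = `${name}@${range}`;
      if (!locked.has(pattern)) missing.push(pattern);
    }
  }
  return missing;
}

// 0 when every direct dependency is locked, 1 otherwise (usable as an exit code).
function exitCodeFor(pkgJsonText, lockText) {
  return missingFromLock(pkgJsonText, lockText).length === 0 ? 0 : 1;
}

// Constructed sample: "left-pad" was added to package.json without updating yarn.lock.
const SAMPLE_PKG = JSON.stringify({
  dependencies: { lodash: '^4.17.4', 'left-pad': '^1.1.3' },
  devDependencies: { '@babel/core': '^7.0.0' },
});
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  '',
  '"@babel/core@^7.0.0":',
  '  version "7.0.0"',
  '',
  'lodash@^4.17.3, lodash@^4.17.4:',
  '  version "4.17.4"',
  '',
].join('\n');

console.log('missing from yarn.lock:', missingFromLock(SAMPLE_PKG, SAMPLE_LOCK));
```

This only covers direct dependencies listed in package.json; it does not resolve transitive entries the way Yarn does.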