9

Below is the description of the issue:-

Expected behaviour is to have a package-lock.json file generated for every package in packages folder.

Current Behaviour My current project structure look like:-

packages/internal-package-1/package.json
packages/internal-package-2/package.json
packages/internal-package-3/package.json
lerna.json
package.json
package-lock.json

Right now as shown above there is only one package-lock.json file which is generated for . the entire project and it only contains the dependency which in top package.json file.

My expectation was that for every package.json file corresponding package-lock.json should be generated but that is not the case. Furthermore, the top package-lock.json file only contains the dependencies in the top package.json and not the all the dependencies which are declared in evey package.json file.

Now, if we try to consume for example internal-package-1 in a different project that as there is no lock file for this package , latest version of the dependencies gets downloaded which is not the expected behaviour.

Possible Solution Possible solution or expectation is to have a lock file generated for every package.

lerna.json

{
  "packages": [
    "packages/*",
    "packages/Foundation/src/SampleNestedModule"    
  ],
  "version": "0.0.0"
}

This issue is affecting us because as the lock file is not generated for every package and if i try to consume the internal-package-1 in a different project then locked dependency are not getting downloaded but the latest version of them gets downloaded.

We are hoisting the dependency hence we have modified our npm install script as below:- "install": "lerna bootstrap --hoist" , this correctly hoists the dependency but does not generate the lock file for individual package.

Executable Version

lerna --version 3.17.0
npm --version   6.10.1
yarn --version  Not using yarn
node --version  10.16.0
| OS | Version |
MACOS
| NAME | VERSION |
| macOS Catalina | 10.15.2 |

Below are some of the post regarding same which i have already looked into-

  1. https://github.com/lerna/lerna/issues/1462
  2. https://github.com/lerna/lerna/issues/2105

Thanks, Vishesh.

Vishesh
  • 3,599
  • 4
  • 22
  • 36

1 Answers1

2

I couldn't find a concrete solution to generate lock files for all packages. I mean there are ways but, everything is increasing the installing time to very high. Below are 2 ways to generate package-lock.json file for all packages:-

  1. Directly use lerna bootstrap without --hoist flag ------- This does generate lock file but increases the install time way to high.

  2. Use "lerna exec -- npm i" ------ This will generate the lock file but "install" times are way higher not a viable solution with 25 packages in my repository.

As above 2 solutions were taking way to much time hence i considered them as not a feasible solution for large repos hence, i came up with a third way or i would call it a workaround , this is also not the cleaneast solution but does the job with very slight increase in installation time.

Create a npm script in all your packages which would generate only package-lock file without installation which would be something like below:- "genPackagelock": "npm i --package-lock-only"

In you root package.json file as part of postinstall call the above defined script for all the packages as below:- "postinstall": "lerna run --parallel genPackagelock"

The above "postinstall" basically generates package-lock.json file for all the packages along with the internal dependencies.

Vishesh
  • 3,599
  • 4
  • 22
  • 36
  • I've had a look at trying this but had a problem. npm i --package-lock-only fails for me because the pacakge has an internal dependency. npm i is trying to resolve that but its not published yet. – Real World Jun 16 '22 at 09:14