How to have yarn fail on yarn install when package.json and yarn.lock are out of sync?
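In a project I have replaced npm with yarn to get its benefits, and also to enforce that our dependencies are locked via yarn.lock.
Now a developer added a library with npm@4, which only changed package.json and, of course, not yarn.lock.
I would have expected the yarn install command to crash on the build server, yet yarn has the (for me unexpected) behavior of adding those libraries at their latest version and then updating yarn.lock on the remote: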
$ yarn install
[1/4] Resolving packages...
[2/4] Fetching packages...
warning fsevents@1.1.2: The platform "linux" is incompatible with this module.
info "fsevents@1.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.07s.
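This contradicts the purpose of yarn, as the build job does not push yarn.lock back to the repository, nor should it.
I want each developer to be responsible for the versions they are checking in.
So, if package.json and yarn.lock are out of sync, is there a way to make yarn install exit with an error code?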
You need the --frozen-lockfile argument:
$ yarn install --frozen-lockfile
yarn install v0.27.5
warning ../package.json: No license field
[1/4] Resolving packages...
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.
This is also clearly stated in the documentation:
yarn install
Install all the dependencies listed within package.json in the local node_modules folder.
The yarn.lock file is utilized as follows:
- If yarn.lock is present and is enough to satisfy all the dependencies
listed in package.json, the exact versions recorded in yarn.lock are
installed, and yarn.lock will be unchanged. Yarn will not check for
newer versions.
- If yarn.lock is absent, or is not enough to satisfy
all the dependencies listed in package.json (for example, if you
manually add a dependency to package.json), Yarn looks for the newest
versions available that satisfy the constraints in package.json. The
results are written to yarn.lock.
If you want to ensure yarn.lock is not updated, use --frozen-lockfile.