当package.json和yarn.lock不同步时，如何使纱线在安装纱线时失败? [英] How to have yarn fail on yarn install when package.json and yarn.lock are out of sync?

问题描述

在一个项目中，我已将npm替换为yarn以获得其好处，并且还强制我们的依赖项通过yarn.lock锁定.

On a project I have replaced npm with yarn to get the benefits of it, and also enforce our dependencies are locked in via the yarn.lock.

现在，开发人员在npm @ 4中添加了一个库，该库仅更改了package.json，当然也没有更改yarn.lock.

Now, a developer added a library with npm@4, which only changed the package.json, and not of course the the yarn.lock.

我本来希望yarn install命令在构建服务器上崩溃，但是yarn具有(对我来说是意外的行为)以最新版本添加这些库，然后更新远程服务器上的yarn.lock. :

I would have expected the yarn install command to crash on the build server, yet yarn has the--to me unexpected behavior--of adding those libraries in their most current version and then updating the yarn.lock on the remote:

$ yarn install
warning ../package.json: No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
warning fsevents@1.1.2: The platform "linux" is incompatible with this module.
info "fsevents@1.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.07s.

这不是我想要的目的，因为构建作业不会将yarn.lock推回存储库.我希望每个开发人员都负责他们要签入的版本.

This besides the purpose I intended, as the build job does not push the yarn.lock back to the repository. I want each developer being responsible of the version they are checking in.

因此，如果package.json和yarn.lock不同步，有没有办法使yarn install退出并显示错误代码?

Hence, is there a way to have yarn install exit with an error code if the package.json and yarn.lock are out of sync?

推荐答案

您需要

You want the --frozen-lockfile parameter:

$ yarn install --frozen-lockfile
yarn install v0.27.5
warning ../package.json: No license field
[1/4] Resolving packages...
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.

最近在文档中关于纱线安装的文档中也明确了这一点:

yarn install

安装package.json中列出的所有依赖项 在本地的node_modules文件夹中.

Install all the dependencies listed within package.json in the local node_modules folder.

yarn.lock文件的用法如下:

• 如果存在yarn.lock并且足以满足所有依赖关系 在package.json中列出，在yarn.lock中记录的确切版本是 安装，yarn.lock将保持不变.纱线不会检查 较新的版本.
• 如果不存在yarn.lock或不足以满足 package.json中列出的所有依赖项(例如，如果您 手动将依赖项添加到package.json)，Yarn查找最新的 满足package.json中约束的可用版本.这 结果被写入yarn.lock.

• If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed, and yarn.lock will be unchanged. Yarn will not check for newer versions.
• If yarn.lock is absent, or is not enough to satisfy all the dependencies listed in package.json (for example, if you manually add a dependency to package.json), Yarn looks for the newest versions available that satisfy the constraints in package.json. The results are written to yarn.lock.

如果要确保未更新yarn.lock，请使用--frozen-lockfile.

If you want to ensure yarn.lock is not updated, use --frozen-lockfile.

这篇关于当package.json和yarn.lock不同步时，如何使纱线在安装纱线时失败?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！