Incorrect usage of npm ci in pnpm scenarios.

[joshwlewis]

For builds that have a pnpm-lock.yaml (and no other lockfiles), but don't have a packageManager field in package.json, the current heroku/nodejs buildpack attempts to install dependencies with npm ci. Not only is this using the wrong package manager, it's also attempting to fetch dependencies without a lockfile.

Potentially, there are a few ways to fix this:

• Introduce a heroku/pnpm-engine buildpack that could install pnpm in the same manner as our heroku/npm-engine buildpack. That would allow us to provide a pnpm installation using engines.pnpm from package.json, or perhaps provide a default pnpm.
• Add a check into the heroku/npm-install buildpack to throw an error message if there is lockfile from another package manager (like pnpm-lock.yaml). Something like "Detected pnpm-lock.yaml. If you wish to use pnpm, add packageManager: "[email protected]" to your package.json".
• Add a check into the heroku/npm-install buildpack to throw an error message if there isn't a package-lock.json. Something like "We detected npm, but found no package-lock.json. Please run npm i, commit the package-lock.json, and try again".