I'm a new developer who recently started using pnpm. Throughout my journey of learning it, the problem has always been around a concept called the lock file. I know that pnpm is meant to be strict, but the surrounding rules have caused me to waste plenty of hours debugging them. On 2023-05-21 it recently took me all day to find out that the reason I could not deploy my site was that I was not supposed to install dependencies that are peer dependencies. A few days ago, I was trying to transfer my sites from Vercel to Render. I thought it was the platform's fault, but it wasn't. I fought through the issue by going back a few commits and then rewriting some of the code that was necessary to finish my project. I did not know what the issue with that project was; I think it had something to do with a dependency I was using.
But either way, I had no idea what was going on with the lock file. Why did it break? I'm not happy about this because I lost several days of my life. But I’m here to make a couple of suggestions. The problem with the lock file is that the many reasons why one is broken are not explicit to the developer at all. I think there are two ways to fix this.
Clearer error messages
A pnpm lockfile command
Clearer error messages
I don't know about the many ways that lock files can be broken or out of sync, but I'd like to know why. I know that the broken concern is shown, but not the out of sync concern. If a developer installs a different version of a package that is not a match, I'd like to know.
A pnpm lock file command
The idea behind a lock file CLI is to have a command that scans the lock file to see if there are issues with it. When I have a broken lock file, an out-of-date one, or a dependency that is not installed properly, I'd like to know which reason it is outdated or broken.
I call the command `pnpm lockfile scan`. It looks through the lockfile and finds out which reason the code could be outdated or broken.
For example
Let's say that I installed the wrong dependency in my lockfile. I type
pnpm lockfile scan
The command will complete. When I get an error, it will print out this.
My issue with peer dependencies
LockfileError: Line:45
Message: This package has an installed dep but the dependency is listed as a peer not a dependency in `packages/project/package.json`.
Multiple Entry Problems
LockfileError: Line:45
Message: This lockfile is broken duplicate entry `@babel/core`.
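A sketch of the checks the proposed `pnpm lockfile scan` describes, added here as an illustration; it is not part of the original post and not pnpm code. It assumes a simplified v6-style `pnpm-lock.yaml` layout (`importers:` with `specifier:` lines, `packages:` entries); `scanLockfile`, `SAMPLE_LOCK` and `SAMPLE_MANIFEST` are hypothetical names and the sample data is constructed.

```javascript
// Added illustration, not pnpm code. Reads the lockfile line by line so that
// duplicate keys stay visible and every finding carries a line number.
function scanLockfile(lockText, importer, manifest) {
  const findings = [];
  const path = [];          // key seen at each indent depth (2 spaces per level)
  const seen = new Set();   // entries already seen under `packages:`
  const locked = {};        // dependency name -> { section, specifier, line }
  lockText.split('\n').forEach((raw, i) => {
    const m = /^( *)(.+?):(?: (.*))?$/.exec(raw);
    if (!m) return;         // blank line or not a `key: value` line
    const depth = m[1].length / 2;
    const key = m[2].replace(/^['"]|['"]$/g, '');
    path.splice(depth, path.length, key);
    if (path[0] === 'packages' && depth === 1) {
      if (seen.has(key)) findings.push({ line: i + 1, message: `duplicate entry ${key}` });
      seen.add(key);
    }
    if (path[0] === 'importers' && path[1] === importer && depth === 4 && key === 'specifier') {
      locked[path[3]] = { section: path[2], specifier: m[3], line: i + 1 };
    }
  });
  for (const [name, e] of Object.entries(locked)) {
    const declared = (manifest[e.section] || {})[name];
    if (declared === e.specifier) continue;   // lockfile and package.json agree
    let message = `${name}: lockfile has ${e.specifier}, package.json has ${declared}`;
    if (declared === undefined) {
      message = (manifest.peerDependencies || {})[name]
        ? `${name} is locked under ${e.section} but package.json lists it only as a peer`
        : `${name} is in the lockfile but not in package.json`;
    }
    findings.push({ line: e.line, message });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: a peer listed as installed, a stale specifier, a duplicate entry.
const SAMPLE_LOCK = `importers:
  packages/project:
    dependencies:
      react:
        specifier: ^18.2.0
    devDependencies:
      '@babel/core':
        specifier: ^7.21.0
packages:
  /@babel/core@7.21.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  /@babel/core@7.21.0:
    resolution: {integrity: sha512-CONSTRUCTED}`;
const SAMPLE_MANIFEST = { peerDependencies: { react: '^18.2.0' }, devDependencies: { '@babel/core': '^7.22.0' } };
console.log(scanLockfile(SAMPLE_LOCK, 'packages/project', SAMPLE_MANIFEST));
```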
The Problem with Lockfile Usage