Monorepo with npm workspaces - Lerna version fails when inter-package dependency is introduced for existing packages - npm

I am working on a monorepo with 2 packages, say child and parent, initially not dependent on each other and already published to registry.
However, when I add inter-package dependency, lerna version command fails.
npm workspaces was provided in root package.json
useWorkspaces was provided in lerna.json
All was fine, till I decided to add package parent as dependency of package child.
packages/child/package.json was updated like so:
{
  "name": "child",
  "version": "0.1.13",
  "description": "this package is being updated to depend on parent",
  "main": "dist/index.js",
  "dependencies": {
    "parent": "*" // I added this
  }
}
I had updates to both child and parent. Let's say the published version of parent was 0.2.13 and child was 0.1.13 prior to update.
npm install and the symlinks worked.
Build was successful.
During version however, after prompting for version bump with conventional-commits, lerna attempts npm install command and fails due to package parent version 0.2.14 being not available in npm remote registry.
It will not be available, as this version is going to be published only now.
On version command (I am using conventional-commits),
Lerna asked if parent -> 0.2.14 and child -> 0.1.14 was okay, it was.
Lerna updated the package.json of package child to be as follows:
{
  "name": "child",
  "version": "0.1.14", // lerna changed this
  "description": "this package is being updated to depend on parent",
  "main": "dist/index.js",
  "dependencies": {
    "parent": "^0.2.14" // lerna changed this
  }
}
Lerna updated the package.json of package parent to be as follows:
{
  "name": "parent",
  "version": "0.2.14", // lerna changed this
  "description": "this package will be dependency of child",
  "main": "dist/index.js"
}
Lerna tried to do npm install on both child and parent packages
This fails with reason being package parent version 0.2.14 is not yet available to install, since it's just going to be published now.
I followed this https://lerna.js.org/docs/getting-started.
It says
The "header": "*" and "footer": "*" tell Lerna to link the contents of the header and footer as if they were published to the registry.
I was expecting the lerna version command to work and create new version commit and tag as it was doing before I added inter-package dependencies using "*".
Should I be publishing parent first with new version 0.2.14 and then update child to point to this?
If that is the case, should I always publish parent first whenever there are breaking changes?
What is the right way to do this?
PS: Looks like it fails here: https://github.com/lerna/lerna/blob/main/commands/version/index.js#L634
Should I just remove package-lock.json from root?

Related

Dependency mismatch error is thrown during npm install if I use `jsonpscriptsrc-webpack-plugin` npm package with gulp 4.0.2

If we try to npm install the jsonpscriptsrc-webpack-plugin npm package along with gulp 4.0.2 to override the jsonpScriptSrc method, we are facing the dependency mismatch issue.
This issue is occurring only if we use the node version 15.0.0 to 15.7.0 and having gulp 4.0.2 in dependency list. For other node versions, it installs the package fine.
package json details
Issue details:
Error details
Replication procedure:
Create a package.json file and copy & paste the below code.
{
  "name": "wepack",
  "version": "1.1.0",
  "license": "SEE LICENSE IN license",
  "devDependencies": {
    "gulp": "^4.0.2",
    "jsonpscriptsrc-webpack-plugin": "^1.0.0"
  }
}
Switch the node js version to 15.7.0
Try to npm install inside the package.json file location and you will find the mentioned issue.

Does a published artifact affect npm install?

I have a private, unpublished NPM package. Let's say it's named foo-test:
{
  "name": "foo-test",
  "version": "0.0.0",
  "license": "MIT",
  "private": true,
  "scripts": {...},
  "dependencies": {...}
}
It's not in the NPM registry, and I've marked it private.
I found out via a security audit that this is "vulnerable to dependency confusion attacks", but I don't know how.
If someone later comes along and publishes a real public package called foo-test to the NPM registry, will that affect my local development against my private package?
That is, let's say there's a real package foo-test#1.0.0 available on npmjs. If I run npm install locally against my own unrelated version of foo-test, will there be any side effects arising from the fact that the local package that I'm building has the same name as a public package on the registry?
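Added example (not part of the original questions; the function names and the sample manifests are made up for illustration): for workspace setups like the child/parent monorepo and the foo-test package above, this lists which dependencies a local workspace package would satisfy and which npm would have to look up by name in the registry, where a same-named public package could be picked up. It assumes npm links a workspace package only when its local version satisfies the requested range, and it handles only `*`, exact and caret ranges.

```javascript
// Added example. Supports only "*", exact versions and caret ranges.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function satisfies(version, range) {
  if (range === "*" || range === "") return true;
  const v = parse(version);
  if (!range.startsWith("^")) return cmp(v, parse(range)) === 0;
  const lo = parse(range.slice(1));
  // A caret range allows changes to the right of the first non-zero component.
  const i = lo.findIndex((n) => n !== 0);
  const hi = i === -1 ? [0, 0, 1] : lo.map((n, k) => (k < i ? n : k === i ? n + 1 : 0));
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// "linked": a local workspace package satisfies the range (assumed npm behaviour).
// "registry": the name has to be resolved from the configured registry.
function classify(manifests) {
  const local = new Map(manifests.map((m) => [m.name, m.version]));
  const report = [];
  for (const m of manifests) {
    for (const [dep, range] of Object.entries(m.dependencies || {})) {
      const linked = local.has(dep) && satisfies(local.get(dep), range);
      report.push({ from: m.name, dep, range, source: linked ? "linked" : "registry",
                    unscoped: !dep.startsWith("@") });
    }
  }
  return report;
}
// Constructed manifests, modelled on the child/parent packages in the first question.
const afterBump = [
  { name: "parent", version: "0.2.14" },
  { name: "child", version: "0.1.14", dependencies: { parent: "^0.2.14" } },
];
// Constructed mismatch: the range was bumped but the local parent was not.
const stale = [
  { name: "parent", version: "0.2.13" },
  { name: "child", version: "0.1.13", dependencies: { parent: "^0.2.14", "foo-test": "*" } },
];
console.log(classify(afterBump));
console.log(classify(stale).filter((r) => r.source === "registry" && r.unscoped));
```

Unscoped names reported with source "registry" are the ones to review: either the local version and the range have drifted apart, or the name is not a workspace package at all.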

"lerna changed" lists all packages

I've cloned a monorepo I was working on onto a new dev machine, all packages from the repo have been published already. But when I run lerna changed - it says "assuming all packages changed" and lists all the packages from the repo. And if I run lerna publish from-package - it correctly says that there's nothing to publish.
My lerna.json
{
  "packages": [
    "packages/*"
  ],
  "command": {
    "publish": {
      "registry": "https://npm.pkg.github.com/"
    }
  },
  "npmClient": "yarn",
  "useWorkspaces": true,
  "version": "independent"
}
Any idea why it's doing this and how I can make changed correctly detect only changed packages?
I ended up using lerna ls --since master instead. Since all PRs in our case are done from other branches into master, comparing working branch to master seems to make sense.
I had the same problem. This worked for me:
lerna publish --include-merged-tags

Does Lerna bump dependency versions when releasing new versions?

If I have a monorepo with packageA and packageB, with the latter having a dependency on the former. If I then run lerna version major, for example, resulting in packageA's version number being bumped, does the listing of the dependency on it in packageB's package.json also get bumped automatically, or should that be done manually?
(I tried setting up a test repository to do this, but then Lerna was complaining it didn't have a remote yet, so I'm hoping someone with experience using Lerna knows the answer.)
For the sake of this answer, I'm going to assume you are not using conventional Commits. Please feel free to respond with more specifics if I assume wrong.
TL;DR
Yes, if you run lerna version major, all packages in your repo will be updated to a new major version and the package.json file for packageB will be updated with the new version number for packageA.
Details
Let's say you have your packageA and packageB packages in your monorepo and they have package.json files that look like this:
# packageA/package.json
{
  "name": "packageA",
  "version": "1.0.0"
}
# packageB/package.json
{
  "name": "packageB",
  "version": "1.0.0",
  "dependencies": {
    "packageA": "^1.0.0"
  }
}
When you run `lerna version major`:
The version field in packageA/package.json will update to 2.0.0
The version field in packageB/package.json will update to 2.0.0
The dependencies.packageA field in packageB/package.json will update to ^2.0.0
# packageA/package.json
{
  "name": "packageA",
  "version": "2.0.0"
}
# packageB/package.json
{
  "name": "packageB",
  "version": "2.0.0",
  "dependencies": {
    "packageA": "^2.0.0"
  }
}

How to make a forked dependency in package.json run its prepare script during npm install?

I forked a NPM module and modified it in my fork. In my fork, the command gulp needs to be run to compile the module. Running this command will output the file ical-expander-dist.js into the dist folder. This file should become part of the fork package.
The adjusted package.json in my fork looks like this:
{
  "name": "ical-expander",
  "version": "1.1.1",
  "description": "ICS / iCal / iCalendar parser / expander",
  "main": "dist/ical-expander-dist.js", // adjusted path
  "scripts": {
    "prepare": "gulp" // added script
  },
  // [SNIP] - excluded irrelevant lines
  "files": [
    "dist/ical-expander-dist.js" // adjusted path
  ]
}
Now I want to make my fork a dependency of another project.
{
  "name": "otherproject",
  "title": "Other Project",
  // [SNIP] - excluded irrelevant lines
  "dependencies": {
    "ical-expander": "github:haukepribnow/ical-expander"
  }
  // [SNIP] - excluded irrelevant lines
}
After executing npm install in otherproject's root folder, the path ./node_modules/ical-expander will contain the files LICENSE, README.md and package.json. It will however not contain dist/ical-expander-dist.js.
It looks like the prepare script of my ical-expander fork is not being run during npm install in otherproject.
So my question boils down to: How can I make sure that preparation scripts for compiling my fork are being run when executing npm install in a project that has my fork as one of its dependencies?
Sometimes it's very simple: Make sure to use npm version 5.0.0 or higher.
According to the npm changelog, npm install will run dependencies' prepare scripts correctly from 5.0.0 on.