Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make install pure by default #1313

Closed
wants to merge 1 commit into from
Closed

Conversation

eliihen
Copy link

@eliihen eliihen commented Oct 20, 2016

Summary

This adresses the discussion found in #570, where the general consensus was that yarn install should not be a mutating action by default, like it is today. The argument is that a simple install should not mutate the lockfile without a flag. The PR does the following:

  • yarn install will no longer write to the lockfile by default
  • When yarn install is run, if a yarn.lock does not already exist, one will be created
  • --pure-lockfile is removed
  • --write-lockfile is added to yarn install if you want the old behaviour
  • yarn add, yarn remove and yarn upgrade will use --write-lockfile by default, as they are mutating actions, so no change to behaviour here.

Fixes #570

Test plan

Note that the lockfile below only changes when --write-lockfile is provided. This is not the case with the current release. Today yarn will write the lockfile by default unless --pure-lockfile is provided.

fenrir :: ~/workspace/diverse % mkdir test
fenrir :: ~/workspace/diverse % cd test
fenrir :: workspace/diverse/test % yarn init --yes
fenrir :: workspace/diverse/test % yarn add left-pad@1.0.0                                                         
yarn add v0.16.1
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency
└─ left-pad@1.0.0
Done in 1.03s
fenrir :: workspace/diverse/test % sed -i 's/"left-pad": "1.0.0"/"left-pad": "^1.0.0"/' package.json
fenrir :: workspace/diverse/test % cat package.json                                                                
{
  "name": "test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "left-pad": "^1.0.0"
  }
}
fenrir :: workspace/diverse/test % cat yarn.lock                                                                   
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
left-pad@1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.0.0.tgz#c84e2417581bbb8eaf2b9e3d7a122e572ab1af37"
fenrir :: workspace/diverse/test % yarn --force                                                                    
yarn install v0.16.0
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Rebuilding all packages...
Done in 0.41s.
fenrir :: workspace/diverse/test % cat yarn.lock                                                                   
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


left-pad@1.0.0:
  version "1.0.0"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.0.0.tgz#c84e2417581bbb8eaf2b9e3d7a122e572ab1af37"

fenrir :: workspace/diverse/test % yarn --force --write-lockfile                                                   
yarn install v0.16.0
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Rebuilding all packages...
success Saved lockfile.
Done in 1.39s.
fenrir :: workspace/diverse/test % cat yarn.lock                                                                   
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


left-pad@^1.0.0:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.1.3.tgz#612f61c033f3a9e08e939f1caebeea41b6f3199a"

@101100
Copy link

101100 commented Oct 27, 2016

I like this option and agree that it should be the default. I have one request: deprecate the --pure-lockfile flag over a few releases so that using it produces a warning rather than an error. This will give everyone time to update any scripts that are in use with less headaches.

@eliihen
Copy link
Author

eliihen commented Oct 27, 2016

I've had the same thoughts, @101100, and I agree. Once I get a confirmation that the project is willing to consider merging this, I'll bring the branch up to date and re-add --pure-lockfile, making it a no-op so that people's stuff does not needlessly break.

@sebmck
Copy link
Contributor

sebmck commented Oct 27, 2016

Please note that this PR is contingent on the discussion in #570 and wont be merged anytime soon.

@eliihen
Copy link
Author

eliihen commented Oct 30, 2016

The project has decided they do not wish to pursue this direction, so I am closing this PR

@eliihen eliihen closed this Oct 30, 2016
@jamiebuilds
Copy link
Contributor

jamiebuilds commented Oct 30, 2016

Before this PR gets confused comments, let me direct everyone to my comments over here:

Before going into that issue, please note that a lot of the responses are confused about the change this makes. Yarn installs do result in consistent results already, the use cases for --pure-lockfile are extremely narrow, and yarn is being consistent with other package managers like Bundler and Cargo (see Cargo's --frozen flag, it works the same as --pure-lockfile and is not turned on by default).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

make --pure-lockfile default for install
4 participants