lerna-update-wizard icon indicating copy to clipboard operation
lerna-update-wizard copied to clipboard
verified publisher icon Anifacted

Wizard saved dependencies don't match wizard prompt

Open matthew-dean opened this issue 6 years ago • 6 comments

In this wizard, it will allow you to select either the exact version (e.g. 1.0.1) or a semver variant like ^1.0.1 or ~1.0.1. However, because this script runs --save-dev but does NOT add --save-exact, then no matter if an exact version is specified, it will default to ^1.0.1 because of the way NPM works.

So, currently, there's no way to run lernaupdate and actually output what is selected.

matthew-dean avatar Nov 21 '19 23:11 matthew-dean

Note: I tried lernaupdate --installargs="--save-exact" which seemed to do nothing.

matthew-dean avatar Nov 21 '19 23:11 matthew-dean

Also: because the wizard does not save the dependency correctly, it can repeatedly list the same dependency as having two versions.

For instance, I had something like "grunt-contrib-requirejs": "0.4.4" and "grunt-contrib-requirejs": "^0.4.4". Because I selected 0.4.4 as an exact version, the wizard refused to update it. Then it tried to update the second, but of course, just saved it as ^0.4.4 again. So then when the wizard run again, it was back where it started. Nothing had changed because what the wizard thinks it is doing is different from what it actually does.

matthew-dean avatar Nov 21 '19 23:11 matthew-dean

Thank you for pointing this out, Matthew! This is an important point 👍

One problem seems to be with the absence of --save-exact, as you mention, for when you want to target a specific version.

Another seems to be with the way NPM resolves versions before writing to the package.json and installing the dependency. E.g. running npm i --save "lodash@^3.2.1" will actually write "lodash": "^3.10.1" to the package.json, because it will interpret ^3.2.1 and resolve it to ^3.10.1 which is the last version before 4.0.0. This creates a difference in behavior between normal usage and usage via the --lazy flag.

I will have to think a bit about an optimal solution for this problem.

Anifacted avatar Nov 22 '19 09:11 Anifacted

@Anifacted You may want to consider explicitly installing the exact version, and then writing package.json manually.

In other words, you could do npm i [email protected] --save --save-exact, then open and write over package.json, changing the field value to ^3.2.1. Something like that? Not sure how that affects writing to package-lock.json though.

matthew-dean avatar Nov 22 '19 18:11 matthew-dean

Just another note, which I think is referenced in other issues -- ideally, npm install wouldn't be run at all at the end of batching (or run by default), especially in an environment that's using lerna bootstrap --hoist (like mine). In my use case, I want to update all the relevant package.json files (again, accurately with the exact version specified, if possible), and then run my lerna command to have it prune / link those installs as needed, so it seems like using npm install to update package.json is not ideal on two different counts. i.e. package.json should just be written directly.

matthew-dean avatar Nov 22 '19 18:11 matthew-dean

Note: I tried lernaupdate --installargs="--save-exact" which seemed to do nothing.

lernaupdate --install-args="--save-exact" works for me but the problem is when i run it in the interactive mode, and if i want to select any semver then it wont allow me to override it.

@Anifacted , Is it possible to add --save-exact in case of no semver selected?

shreyashah7 avatar Jul 06 '21 23:07 shreyashah7