retire.js icon indicating copy to clipboard operation
retire.js copied to clipboard

Published 20 hours ago verified publisher icon RetireJS

Support for yarn workspaces

Open aalmeidatw opened this issue 6 years ago • 5 comments

Retire.js version: (retire --version): 1.3.3

node version: (node --version): 8.11.1

Type: Question

Description:

We are migrating to monorepo, that we are managing with yarn workspaces. We use retire for one of the packages of this monorepo, but some dependencies of this package are in the monorepo node_modules. For example: retire is being used in a script in monorepo/packages/packageA, but some of packageA dependencies are in monorepo/node_modules, not in monorepo/packages/packageA/node_modules, which causes the following error:

Missing version for command-line-args. Need to run npm install ?
Missing version for command-line-commands. Need to run npm install ?
Missing version for command-line-usage. Need to run npm install ?
...

We can use yarn workspaces nohoist, but it would be too verbose since we have to nohoist all the dependencies of the dependency, like the following config in our monorepo's package.json:

    "nohoist": [
      "**/command-line-args/**",
      "**/command-line-args",
      "**/command-line-commands/**",
      "**/command-line-commands",
      "**/command-line-usage/**",
      "**/command-line-usage",
      ...    
     ]

So, 2 questions:

  1. Has anyone faced this issue and came up with a better solution?
  2. Could retire have support for yarn workspaces?

aalmeidatw avatar Jul 09 '18 19:07 aalmeidatw

I’d be happy to accept a pull request to fix this. Installed modules are currently listed using read-installed which is what I gues needs to be replaced with something else.

eoftedal avatar Jul 11 '18 20:07 eoftedal

I've created a pull request that adds retire --lockfile=yarn-workspace. This command automatically detects the workspace directory and uses the supplied yarn.lock file to determine package versions and perform checks.

ameliabradley avatar Aug 28 '18 23:08 ameliabradley

@aalmeidatw Generally issues stay open until a fix has been approved and merged by the project owners. Just in case they disapprove of my fix for some reason, it's clear this is still an existing issue.

ameliabradley avatar Aug 29 '18 15:08 ameliabradley

I am having the same issue as @aalmeidatw. Does the commit f88dccd82edf567b3ca799651f2516f727bc64c0 fix the issue? That brings to the next question, will this commit be merged soon? 🤔

danychi avatar Jan 04 '21 15:01 danychi

I was hesitant to bring it in as the extra dependency required to support yarn brought with in a lot of other dependencies.

Also: Scanning with retire.js for node/npm/yarn will never be as up to date as npm audit, as the quality of the retire.js npm repo is not nearly as good as the one serving npm audit. I have asked for permission to use the npm audit repo in retire, but this request was denied.

eoftedal avatar Jan 05 '21 08:01 eoftedal