denoland
Convert package-lock.json or yarn.lock to deno.lock
Discussed in https://github.com/denoland/deno/discussions/25814
Originally posted by alexgleason September 23, 2024 I have a node project with a lot of dependencies that I will finally move to Deno for 2.0.
But Deno creates a new deno.lock from my package.json, essentially upgrading 180 packages at once.
I have a yarn.lock. I can convert between yarn.lock and package-lock.json. Can I convert either to deno.lock?
This is currently not possible, but something we discussed internally and can happen after 2.0.
Looks like other tools do it by having the user create the node_modules from the old packager first, and then run the tool to generate the new lockfile from the existing node_modules: https://github.com/imsnif/synp
I thought maybe deno install should just do that if there's a node_modules and no deno.lock, but I saw pnpm has a dedicated pnpm import subcommand to achieve it.
Looks like bun does convert package-lock.json to it's own bun.lock... would be nice to see this as a feature parity. For a work project...
- Clean
bun install, 48s - converted package-lock.json to bun.lock - With bun.lock, clean node_modules, 19s
- Clean with
deno install --allow-scripts, 1m20s - with deno.lock, clean node_modules, 20s
Note: local security sotware may interfere with results.
Converting sounds like a good feature to me but I think having the opposite should take priority to have deno work with package-lock.json as part of its Node compatibility for interoporability reasons (e.g. https://github.com/denoland/deno/issues/26788).
