
pnpm install updates pnpm lockfile when it should not

Open monilpat opened this issue 1 year ago • 1 comments

Describe the bug

The pnpm install command is incorrectly updating the lock file during installations, leading to potential inconsistencies in dependency versions across different environments. This behavior can cause unexpected issues when deploying or running the application, as the installed packages may not match the versions specified in the lock file.

To Reproduce

  1. Clone the repository.
  2. Run the command pnpm install without the --frozen-lockfile option.
  3. Observe that the pnpm-lock.yaml file is updated with new versions of dependencies, even if they are not specified in the package.json.

Expected behavior

The pnpm install command should respect the --frozen-lockfile option, preventing any updates to the lock file. This ensures that the installed dependencies match the versions specified in the pnpm-lock.yaml file, maintaining consistency across different environments.

Screenshots

Additional context

This issue was addressed in a recent commit that added the --frozen-lockfile option to various installation commands in the project, including in the GitHub workflows, Dockerfile, and scripts. The explicit update script was also introduced to allow updates without the frozen lock file option, ensuring that developers can manage dependencies more effectively without risking unintended changes to the lock file.

monilpat, Dec 15 '24 17:12
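
An added example, not part of the issue or the eliza repository: a shell check that lists pnpm install invocations lacking --frozen-lockfile in the kinds of files the issue names (GitHub workflows, Dockerfile, scripts). The function names and the sample file names and contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag `pnpm install` / `pnpm i` calls that can rewrite
# pnpm-lock.yaml because they do not pass --frozen-lockfile.

# find_unfrozen_installs FILE...
# Prints "file:line:text" for each offending line; returns 1 if any were found.
find_unfrozen_installs() {
    found=0
    for f in "$@"; do
        # 1) lines that invoke pnpm install (or the `i` alias) as a whole word
        # 2) minus comment-only lines
        # 3) minus lines that already pass --frozen-lockfile
        #    (--no-frozen-lockfile does not contain that string, so it is reported)
        hits=$(grep -nE '(^|[^[:alnum:]_-])pnpm[[:space:]]+(install|i)([^[:alnum:]_-]|$)' "$f" \
            | grep -vE '^[0-9]+:[[:space:]]*#' \
            | grep -v -e '--frozen-lockfile' || true)
        if [ -n "$hits" ]; then
            found=1
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf '%s:%s\n' "$f" "$line"
            done
        fi
    done
    return "$found"
}

# write_constructed_samples DIR
# Constructed inputs standing in for a workflow, a Dockerfile and an update
# script; none of this content is copied from the project.
write_constructed_samples() {
    printf '%s\n' 'steps:' \
        '  - run: pnpm install --frozen-lockfile' \
        '  - run: pnpm i && pnpm build' > "$1/ci.yml"
    printf '%s\n' 'FROM node:20' \
        '# pnpm install is pinned below' \
        'RUN pnpm install --frozen-lockfile' > "$1/Dockerfile"
    printf '%s\n' '#!/bin/sh' \
        'pnpm install --no-frozen-lockfile' > "$1/update.sh"
}
```

Source the file in a CI step and call find_unfrozen_installs on the workflow, Dockerfile and script paths; leave a deliberate update script out of the argument list so that only unintended unpinned installs fail the step.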