turbo icon indicating copy to clipboard operation
turbo copied to clipboard

Published 20 hours ago verified publisher icon vercel

Cross-platform package-lock.json

Open jlarmstrongiv opened this issue 2 years ago • 4 comments

What version of Turborepo are you using?

1.2.16

What package manager are you using / does the bug impact?

npm

What operating system are you using?

Linux, MacOS

Describe the Bug

NPM has problems with lockfiles with platform-specific optional dependencies.

Simply put, npm install on macOS vs Linux generates different package.json files.

This issue affects a small subset of platform-specific optional packages, e.g. fsevents, @next/swc-<platform>, and turbo-<platform>.

I want turbo to automatically detect and patch my package-lock.json file, like @next/swc does. See:

  • https://github.com/vercel/next.js/blob/c947abb43987347e3e75a28d20cace0eabc607e6/packages/next/lib/patch-incorrect-lockfile.ts

Unfortunately, this issue has plagued npm for a while:

  • https://github.com/npm/npm/issues/17722
  • https://github.com/npm/cli/issues/4828

Expected Behavior

npm ci --include=dev --include=optional --include=peer with turbo works regardless of which operating system npm install is run on.

To Reproduce

  • On one platform, run npm install in a turbo monorepo to generate a package-lock.json file
  • On another platform, run npm ci --include=dev --include=optional --include=peer in a turbo monorepo and try running npx turbo

The workaround is to run npm install on every platform you run your project, every time you regenerate the package-lock.json

jlarmstrongiv avatar Jun 04 '22 18:06 jlarmstrongiv

npm as an ecosystem does poorly with architecture/OS as it isn't a core part of the functionality. It has been an issue since forever. https://github.com/npm/npm/issues/17722

That Turborepo is abusing npm and a post-install script to make sure you get the correct architecture is a hack.

I have two workarounds for you:

  • Install turbo globally instead of as a project dependency. (This is in line with the direction we're heading.)
  • Check out Yarn or pnpm.

As for patching, we could attempt to patch a lockfile from npm here: https://github.com/vercel/turborepo/blob/main/cli/npm/turbo-install/install.js

This is certainly possible, but it is not a high priority task for us at this time.

nathanhammond avatar Jun 13 '22 12:06 nathanhammond

Had issues with using dev dependencies in my build scripts too. Could only solve them by migrating from npm to pnpm as suggested by @nathanhammond . Thanks for your help!

flogy avatar Jul 03 '22 18:07 flogy

@flogy

You can also run npm install on both mac and linux—the key is keeping the same lockfile.

A non-recommended way would be to install the turbo dependencies specifically, e.g. turbo-linux-64

jlarmstrongiv avatar Jul 04 '22 23:07 jlarmstrongiv

Related https://github.com/vercel/turborepo/issues/1126

jlarmstrongiv avatar Jul 07 '22 02:07 jlarmstrongiv

Related https://github.com/vercel/turbo/issues/3317

amercier avatar Mar 10 '23 07:03 amercier

Closing and locking this. If you encounter this after following steps in this and linked issues, please file a new issue!

nathanhammond avatar Mar 14 '23 16:03 nathanhammond