Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unresolvable packages in optionalDependencies lead to misleading ERR_PNPM_OUTDATED_LOCKFILE  #3960

Open
fatso83 opened this issue Nov 8, 2021 · 5 comments
Open

Unresolvable packages in optionalDependencies lead to misleading ERR_PNPM_OUTDATED_LOCKFILE  #3960

fatso83 opened this issue Nov 8, 2021 · 5 comments
Labels
type: bug
Projects
Status

Comments

@fatso83
Copy link

fatso83 commented Nov 8, 2021
edited

The basic issue here is that the error message given by pnpm is misleading when running on a CI; indicating that the lock file has not been updated after changing package.json. When then subsequently running pnpm install locally there are no changes/diff, so it is up to date. The real error is something related to the lock file, but it is not that it is out of sync with the package.json (see details).

The error message sent us on a wild goose chase for quite a while, as we were unable to reproduce the issue, until I found #2378 and checked the source code, which made me understand what was different on the TeamCity server.

Do note that the warning you get when installing locally does make more sense, but not enough for us to understand that the version number was off 😃 "... and failed compatibility check. Excluding it from installation." should rather be something like "Cannot resolve chokidar-cli version 30000.0.0. Excluding from installation".

pnpm version: 6.3 - 6.20 (@latest) (all versions tried)

Code to reproduce the issue:

Create a temporary dir with a package.json of this content:

{
  "name": "test-optional",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "optionalDependencies": {
    "chokidar-cli": "^30000.0.0"
  }
}

See that you get the following output when installing it:

# install the deps, creating the lock file
$ npx pnpm i
npx: installerte 1 på 1.751s
info: chokidar-cli@^30000.0.0 is an optional dependency and failed compatibility check. Excluding it from installation.
Already up-to-date

# verify error message is wrong when CI=true
$ CI=true npx pnpm i
npx: installerte 1 på 0.937s
Lockfile is up-to-date, resolution step is skipped
 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up-to-date with package.json

Expected behavior:

An error message telling me the version of the chokidar-cli package is not resolvable.

Actual behavior:

 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up-to-date with package.json

Additional information:

  • node -v prints: 14.18 (16 also tried)
  • macOS and Linux tried
@zysim
Copy link

zysim commented Dec 4, 2021

@fatso83 are you using Dependabot? I was facing this same issue too, and - thanks to @erunks - my problem was because Dependabot doesn't support PNPM yet

@fatso83
Copy link
Author

fatso83 commented Dec 4, 2021

@zysim No.

@zysim
Copy link

zysim commented Dec 5, 2021

Ah, then I wouldn't know now. Hope the PNPM team knows better :P

@shellscape
Copy link
Contributor

shellscape commented Mar 29, 2022
edited

@zkochan I believe the issue I DM'd you about today is related to this. In my case, including a linked dependency fails in CI but succeeds locally with pnpm install --frozen-lockfile. Dependency shape looks like:

"dependencies": {
    "@refreshing/config": "link:../../packages/config",
    "@refreshing/log": "link:../../packages/log",
    "@refreshing/service-tools": "link:../../packages/service-tools",
    "source-map-support": "^0.5.19"
  },

When I removed all link: and swapped to workspace: the error ceased. (I have to use link for the CDK build process I'm using).

What's wild about this particular error is the messaging:

Lockfile is up-to-date, resolution step is skipped
 ERR_PNPM_OUTDATED_LOCKFILE  Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up-to-date with services/svc-api/package.json

Lockfile is confirmed up to date and then immediate errors that it's out of date.

@zkochan
Copy link
Member

zkochan commented Mar 29, 2022

@shellscape something must differ. It doesn't make sense that it works locally but fails in CI.

@zkochan zkochan added this to Priority in Status Mar 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
Status
Status: Priority
Status
Priority
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shellscape @fatso83 @zkochan @zysim