当package.json和yarn.lock不同步时,如何让纱线安装失败?

时间:2017-08-10 13:21:57

标签: node.js yarnpkg lockfile

在一个项目中,我已经用纱线取代了npm以获得它的好处,并且通过yarn.lock锁定了我们的依赖关系。

现在,开发人员添加了一个带有npm @ 4的库,它只更改了package.json,当然不是yarn.lock。

我本来期望yarn install命令在构建服务器上崩溃,但是纱线有 - 我意外的行为 - 在最新版本中添加这些库然后更新yarn.lock遥控器:

$ yarn install
warning ../package.json: No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
warning fsevents@1.1.2: The platform "linux" is incompatible with this module.
info "fsevents@1.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.07s.

这除了我打算的目的之外,因为构建作业不会将yarn.lock推回到存储库。我希望每个开发人员都对他们正在检查的版本负责。

因此,如果package.json和yarn.lock不同步,是否有办法让yarn install退出错误代码?

1 个答案:

答案 0 :(得分:1)

您需要--frozen-lockfile参数:

$ yarn install --frozen-lockfile
yarn install v0.27.5
warning ../package.json: No license field
[1/4] Resolving packages...
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.