在一个项目中,我已经用纱线取代了npm以获得它的好处,并且通过yarn.lock
锁定了我们的依赖关系。
现在,开发人员添加了一个带有npm @ 4的库,它只更改了package.json,当然不是yarn.lock。
我本来期望yarn install
命令在构建服务器上崩溃,但是纱线有 - 我意外的行为 - 在最新版本中添加这些库然后更新yarn.lock遥控器:
$ yarn install
warning ../package.json: No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
warning fsevents@1.1.2: The platform "linux" is incompatible with this module.
info "fsevents@1.1.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.07s.
这除了我打算的目的之外,因为构建作业不会将yarn.lock推回到存储库。我希望每个开发人员都对他们正在检查的版本负责。
因此,如果package.json和yarn.lock不同步,是否有办法让yarn install
退出错误代码?
答案 0 :(得分:1)
您需要--frozen-lockfile
参数:
$ yarn install --frozen-lockfile
yarn install v0.27.5
warning ../package.json: No license field
[1/4] Resolving packages...
error Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.