Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross-platform package-lock.json #1335

Closed
jlarmstrongiv opened this issue Jun 4, 2022 · 6 comments
Closed

Cross-platform package-lock.json #1335

jlarmstrongiv opened this issue Jun 4, 2022 · 6 comments

Comments

@jlarmstrongiv
Copy link

jlarmstrongiv commented Jun 4, 2022
edited
Loading

What version of Turborepo are you using?

1.2.16

What package manager are you using / does the bug impact?

npm

What operating system are you using?

Linux, MacOS

Describe the Bug

NPM has problems with lockfiles with platform-specific optional dependencies.

Simply put, npm install on macOS vs Linux generates different package.json files.

This issue affects a small subset of platform-specific optional packages, e.g. fsevents, @next/swc-<platform>, and turbo-<platform>.

I want turbo to automatically detect and patch my package-lock.json file, like @next/swc does. See:

Unfortunately, this issue has plagued npm for a while:

Expected Behavior

npm ci --include=dev --include=optional --include=peer with turbo works regardless of which operating system npm install is run on.

To Reproduce

  • On one platform, run npm install in a turbo monorepo to generate a package-lock.json file
  • On another platform, run npm ci --include=dev --include=optional --include=peer in a turbo monorepo and try running npx turbo

The workaround is to run npm install on every platform you run your project, every time you regenerate the package-lock.json
@nathanhammond
Copy link
Contributor

npm as an ecosystem does poorly with architecture/OS as it isn't a core part of the functionality. It has been an issue since forever. npm/npm#17722

That Turborepo is abusing npm and a post-install script to make sure you get the correct architecture is a hack.

I have two workarounds for you:

  • Install turbo globally instead of as a project dependency. (This is in line with the direction we're heading.)
  • Check out Yarn or pnpm.

As for patching, we could attempt to patch a lockfile from npm here: https://github.com/vercel/turborepo/blob/main/cli/npm/turbo-install/install.js

This is certainly possible, but it is not a high priority task for us at this time.

@flogy
Copy link

flogy commented Jul 3, 2022

Had issues with using dev dependencies in my build scripts too. Could only solve them by migrating from npm to pnpm as suggested by @nathanhammond . Thanks for your help!

@jlarmstrongiv
Copy link
Author

@flogy

You can also run npm install on both mac and linux—the key is keeping the same lockfile.

A non-recommended way would be to install the turbo dependencies specifically, e.g. turbo-linux-64

@jlarmstrongiv
Copy link
Author

Related #1126

@amercier
Copy link

Related #3317

@nathanhammond
Copy link
Contributor

Closing and locking this. If you encounter this after following steps in this and linked issues, please file a new issue!

@vercel vercel locked and limited conversation to collaborators Mar 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nathanhammond @flogy @amercier @jlarmstrongiv