-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separate npm/yarn/pnpm managers #5607
Comments
That's really a challenge, because those managers are somehow equivalent. 🤔 What about using the npm manager to only update add other lock-file manager to update lock files. eg. |
I don’t think it could work with them being separate. One thing that maybe could work is if more than one manager can do the same work and it doesn’t cause a problem |
Ignoring workspaces for now, here is how we would decide whether to extract or not:
Some other thoughts:
|
As @viceice suggested earlier, maybe we could trigger pnpm, yarn and lerna based on their lock/config files instead of Using the "centralized" files like The "npm" manager would then match all |
Would having a way to specify which lock files or managers to use help? |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
I think what we need to do is this:
One possibility I'd thought about was separating out non-locked package.json as manager "npm" and then having locked npm as a different manager like "packagelock" but I think that would be too confusing to people. Ultimately we're best if the package managers are npm, yarn, pnpm. I'm not sure what to do about lerna though. Sometimes it just falls back to Yarn behavior. Maybe the lerna manager can "skip" itself if it can fall back to Yarn, but if it doesn't skip itself then it overrides Yarn using a similar method as how Yarn can override npm. |
A useful question: if we completely dropped lerna awareness today, which functionality would break? Lerna has potentially changed a lot since we first added it. Lerna now supports pnpm (which I don't think we do), however it also looks like none of the Lerna awareness we use (e.g. bootstrap) is used, so maybe it doesn't matter: https://lerna.js.org/docs/recipes/using-pnpm-with-lerna Lerna's documentation implies that useWorkspaces isn't needed anymore, but is supported: https://lerna.js.org/docs/api-reference/configuration#useworkspaces--packages This page implies that |
maybe feature flag lerna support and disable on app. if we get issues we can easily re-enable? |
What would feature flagging mean? I'm leaning towards:
|
Ok, let's do that. feature flag would make things more complicated again. |
It looks like from Lerna v7 onwards it drops the |
this will probably break a lot of lerna users which are not using the latest lerna version? |
Blocked by #23241 |
Here's what we should do to make this separation possible:
|
We are now ignoring Lerna altogether if we detect >=7.0.0. It seems to work fine just by using native npm/pnpm/yarn concepts (no more lerna bootstrap, etc). |
Blocked by #23779 |
The Yarn and pnpm will have their lock files as the fileMatch All managers will use extractAllPackageFiles() and return package.json files (not lock files) npm will:
Yarn/pnpm will:
Renovate then needs to de-duplicate in case a package.json is matched by npm and yarn/pnpm |
Extras to help the migration:
|
Could the warning message added at #23241 be improved? When I saw this, I thought it meant we could no longer have multiple independent Instead of:
How about:
|
For improved visibility in the Angular CLI, we recently adopted a combination of PNPM and Yarn. We use a single However, we don't want Renovate to update the PNPM lock file. Unfortunately, this has proven challenging because there’s no straightforward way to prevent Renovate from interacting with PNPM within a multi-package manager setup. We recognize this is a bit of an edge case. |
What would you like Renovate to be able to do?
Have separate Renovate "managers" for npm/yarn/pnpm/lerna instead of the combined one today.
Describe the solution you'd like
If they were separated into different managers then it could simplify the code a lot.
Describe alternatives you've considered
Keeping as-is, with "npm" as a single manager.
Additional context
Today we support more than one type of lock file with the same
package.json
, e.g.package-lock.json
andyarn.lock
. This isn't a recommended config but some of our users do have it. This would mean we'd need two managers active on the same package file.A challenge is how to know which is which, and not duplicating work:
The above would mean that the managers all have to be "aware" of each other though, which can reduce part of the benefits of separating them.
The text was updated successfully, but these errors were encountered: