feat(yarn): Fail in case an update of the lockfile is needed

Do not update the lockfile and fail if an update is needed, so that the lockfile effectively pins the version reliably. See also [1]. [1]: https://yarnpkg.com/cli/install#options Signed-off-by: Frank Viernau <frank_viernau@epam.com>
oss-review-toolkit · Sep 24, 2024 · 165b3e6 · 165b3e6
1 parent 9860496
commit 165b3e6
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/plugins/package-managers/node/src/main/kotlin/Yarn.kt b/plugins/package-managers/node/src/main/kotlin/Yarn.kt
@@ -80,7 +80,8 @@ class Yarn(
         // fixed minor version to be sure to get consistent results.
         checkVersion()
 
-    override fun runInstall(workingDir: File) = run(workingDir, "install", "--ignore-scripts", "--ignore-engines")
+    override fun runInstall(workingDir: File) =
+        run(workingDir, "install", "--ignore-scripts", "--ignore-engines", "--immutable")
 
     override fun getRemotePackageDetails(workingDir: File, packageName: String): PackageJson {
         yarnInfoCache.read(packageName)?.let { return parsePackageJson(it) }