Migrating package-lock.json with overrides produces bun.lockb without overrides #7233

Closed
hborchardt opened this issue Nov 20, 2023 · 2 comments
Labels
bug Something isn't working bun install Something that relates to the npm-compatible client

Comments

@hborchardt
Contributor

What version of Bun is running?

1.0.13+f5bf67bd1

What platform is your computer?

Linux 5.15.0-47-generic x86_64 unknown

What steps can reproduce the bug?

Hi, I want to use bun in our CI to install dependencies based on an existing package-lock.json. My package.json contains overrides, which leads to the following problem:

  • Have a package.json with overrides:
{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@swagger-api/apidom-parser-adapter-asyncapi-json-2": "0.81.0"
  },
  "overrides": {
    "@swagger-api/apidom-parser-adapter-json": "npm:empty-npm-package@1.0.0"
  }
}
  • Run the following:
    • npm install to generate package-lock.json
    • bun pm migrate to generate bun.lockb from package-lock.json
    • bun install --frozen-lockfile to reinstall dependencies
  • Fails with error: lockfile had changes, but lockfile is frozen

What is the expected behavior?

No error, as the package.json did not change.

What do you see instead?

error: lockfile had changes, but lockfile is frozen

Additional information

With some debugging I identified that the problem is that during migration, the Lockfile's overrides field is not set. So the following code path is triggered, leading to a difference in lockfiles:

bun/src/install/lockfile.zig

Lines 2896 to 2897 in 778bad9

if (from_lockfile.overrides.map.count() != to_lockfile.overrides.map.count()) {
    summary.overrides_changed = true;

This is probably because the information is not explicitly contained in the package-lock.json file, and the migration only considers the package-lock.json, not the package.json.
So my ideas would be:

  • Set Lockfile.overrides based on package.json
  • Somehow deduce overrides from the package-lock.json. E.g. in my case, the package-lock.json contains the following:
"node_modules/@swagger-api/apidom-parser-adapter-json": {
  "name": "empty-npm-package",
  "version": "1.0.0",
  "resolved": "https://registry.npmjs.org/empty-npm-package/-/empty-npm-package-1.0.0.tgz",
  "integrity": "sha512-q4Mq/+XO7UNDdMiPpR/LIBIW1Zl4V0Z6UT9aKGqIAnBCtCb3lvZJM1KbDbdzdC8fKflwflModfjR29Nt0EpcwA=="
},

so it has an additional "name" field set, which indicates that it has been an override. But this seems more fragile than using the package.json.

@hborchardt hborchardt added the bug Something isn't working label Nov 20, 2023
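
A CI-side check combining the two ideas in the report above, as an added example that is not part of the issue or of Bun's code: it reads the overrides from package.json and confirms that the matching package-lock.json entries carry the replacement, using the "name" field to recognise aliased entries. The function names are hypothetical, the sample data is constructed from the snippets quoted in the report, and it assumes flat overrides with exact versions (no ranges, no nested overrides).

```javascript
// Added example; function names are hypothetical, sample data is constructed.
// Assumes flat overrides with exact versions (no ranges, no nested overrides).

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function installName(lockPath) {
  return lockPath.slice(lockPath.lastIndexOf("node_modules/") + "node_modules/".length);
}

// "npm:empty-npm-package@1.0.0" -> { name, version }; "1.2.3" -> { name: null, version }
function parseSpec(spec) {
  if (!spec.startsWith("npm:")) return { name: null, version: spec };
  const rest = spec.slice(4);
  const at = rest.lastIndexOf("@");
  return at > 0
    ? { name: rest.slice(0, at), version: rest.slice(at + 1) }
    : { name: rest, version: null };
}

// One finding per lockfile entry that does not reflect an override from package.json.
function checkOverrides(pkg, lock) {
  const findings = [];
  for (const [target, spec] of Object.entries(pkg.overrides ?? {})) {
    if (typeof spec !== "string") continue; // nested override objects are skipped
    const want = parseSpec(spec);
    for (const [path, entry] of Object.entries(lock.packages ?? {})) {
      if (installName(path) !== target) continue;
      const actualName = entry.name ?? target; // "name" is only set for aliased entries
      const nameOk = want.name === null || actualName === want.name;
      const versionOk = want.version === null || entry.version === want.version;
      if (!nameOk || !versionOk) {
        findings.push({ path, expected: spec, found: `${actualName}@${entry.version}` });
      }
    }
  }
  return findings;
}

const overridden = "@swagger-api/apidom-parser-adapter-json";
const samplePkg = { overrides: { [overridden]: "npm:empty-npm-package@1.0.0" } };
// Lockfile entry as quoted in the issue: the override was applied.
const lockApplied = { packages: {
  [`node_modules/${overridden}`]: { name: "empty-npm-package", version: "1.0.0" } } };
// Constructed counter-case: the override was lost and the original package resolved.
const lockDropped = { packages: {
  [`node_modules/${overridden}`]: { version: "0.81.0" } } };

console.log(checkOverrides(samplePkg, lockApplied)); // []
console.log(checkOverrides(samplePkg, lockDropped));
```

Run against the real package.json and package-lock.json before and after a lockfile migration, a non-empty result means an override did not survive.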
@Jarred-Sumner
Collaborator

Thanks for the detailed bug report

Yes this was an oversight. We implemented package-lock.json and then overrides, then didn’t go back and make sure overrides persisted as expected

@Electroid Electroid added the bun install Something that relates to the npm-compatible client label Nov 20, 2023
@hborchardt
Contributor Author

Just checked with bun v1.1.20 and this is no longer a problem. Thanks for fixing!
