You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I want to use bun in our CI to install dependencies based on an existing package-lock.json. My package.json contains overrides, which leads to the following problem:
bun pm migrate to generate bun.lockb from package-lock.json
bun install --frozen-lockfile to reinstall dependencies
Fails with error: lockfile had changes, but lockfile is frozen
What is the expected behavior?
No error, as the package.json did not change.
What do you see instead?
error: lockfile had changes, but lockfile is frozen
Additional information
With some debugging I identified that the problem is that during migration, the Lockfile's overrides field is not set. So the following code path is triggered, leading to a difference in lockfiles:
if (from_lockfile.overrides.map.count() !=to_lockfile.overrides.map.count()) {
summary.overrides_changed=true;
This is probably because the information is not explicitly contained in the package-lock.json file, and the migration only considers the package-lock.json, not the package.json.
So my ideas would be:
Set Lockfile.overrides based on package.json
Somehow deduce overrides from the package-lock.json. E.g. in my case, the package-lock.json contains the following:
What version of Bun is running?
1.0.13+f5bf67bd1
What platform is your computer?
Linux 5.15.0-47-generic x86_64 unknown
What steps can reproduce the bug?
Hi, I want to use bun in our CI to install dependencies based on an existing package-lock.json. My package.json contains overrides, which leads to the following problem:
npm install
to generatepackage-lock.json
bun pm migrate
to generatebun.lockb
frompackage-lock.json
bun install --frozen-lockfile
to reinstall dependencieserror: lockfile had changes, but lockfile is frozen
What is the expected behavior?
No error, as the package.json did not change.
What do you see instead?
error: lockfile had changes, but lockfile is frozen
Additional information
With some debugging I identified that the problem is that during migration, the Lockfile's overrides field is not set. So the following code path is triggered, leading to a difference in lockfiles:
bun/src/install/lockfile.zig
Lines 2896 to 2897 in 778bad9
This is probably because the information is not explicitly contained in the package-lock.json file, and the migration only considers the package-lock.json, not the package.json.
So my ideas would be:
Lockfile.overrides
based onpackage.json
package-lock.json
. E.g. in my case, thepackage-lock.json
contains the following:so it has an additional
"name"
field set, which indicates that it has been an override. But this seems more fragile than using thepackage.json
.The text was updated successfully, but these errors were encountered: