Yarn.lock is modified on dev/live server

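This is a very strange problem. I believe it wasn't there before (in a previous yarn version, or it is some package issue). I use yarn on MacOS and deploy the application to a live server. Yarn on both is the latest, 1.12.1

On localhost:

  1. I remove the node_modules directory
  2. I also remove yarn.lock
  3. I run yarn install to install all fresh dependencies

Now I deploy the code (with yarn.lock) to the live server and:

  1. I remove the node_modules directory
  2. I run yarn install to install all fresh dependencies - it should use yarn.lock and not modify it

The problem is that on the live server the yarn.lock file is modified.

When I run git diff I get (beginning of the diff):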

   resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d"
   integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==

-abbrev@1:
-  version "1.1.1"
-  resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
-  integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
-
 accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
   version "1.3.7"
   resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
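Review bot: the `abbrev@1` entry is deleted outright, together with its `resolved` URL and `integrity` hash, and nothing replaces it, so the install on the server treated that entry as unneeded and rewrote the file. A lockfile that loses entries during deployment is no longer the file that was committed; run the deploy install in a mode that fails instead of rewriting `yarn.lock`, and discard this change rather than committing it from the server.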
@@ -1071,19 +1066,11 @@ anymatch@~3.1.1:
     normalize-path "^3.0.0"
     picomatch "^2.0.4"

-aproba@^1.0.3, aproba@^1.1.1:
+aproba@^1.1.1:
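Review bot: on the `aproba` selector line only the `^1.0.3` range is dropped while `^1.1.1` stays, and the visible lines show no change to a version, so this looks like a requester of `aproba@^1.0.3` missing from the tree resolved on the server rather than an upgrade of `aproba`. Check which packages request `aproba@^1.0.3` in the committed lockfile and whether they are installed on the server before trusting either copy of the file.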

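As you can see, on the live server abbrev@1 was removed from here and aproba@^1.0.3, aproba@^1.1.1: was changed to aproba@^1.1.1:

What could be the reason? It didn't happen before; whenever I committed a modified yarn.lock, it was not modified on the live server.

Use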

yarn install --frozen-lockfile

According to the yarn docs:

If you need reproducible dependencies, which is usually the case with the continuous integration systems, you should pass --frozen-lockfile flag.

This is the behaviour of yarn install:

Install all the dependencies listed within package.json in the local node_modules folder.

The yarn.lock file is utilized as follows:

  • If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed, and yarn.lock will be unchanged. Yarn will not check for newer versions.
  • If yarn.lock is absent, or is not enough to satisfy all the dependencies listed in package.json (for example, if you manually add a dependency to package.json), Yarn looks for the newest versions available that satisfy the constraints in package.json. The results are written to yarn.lock.

If you want to ensure yarn.lock is not updated, use --frozen-lockfile.
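
A deploy-side guard for the behaviour quoted above, as an added example that is not part of the original answer or of Yarn itself: it runs the install command it is given, compares yarn.lock with a copy taken beforehand, and restores the committed file and fails if the install rewrote it. The function name guarded_install and the .deploy-orig backup suffix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: fail a deployment when the install step rewrites the lockfile.
# guarded_install and the ".deploy-orig" suffix are hypothetical names.

guarded_install() {
    # usage: guarded_install <lockfile> <install command and arguments...>
    lockfile=$1
    shift

    # Without a lockfile the resolver would pick fresh versions; refuse.
    if [ ! -f "$lockfile" ]; then
        echo "refusing to install: $lockfile is missing" >&2
        return 2
    fi

    # Keep the committed lockfile so it can be compared and restored.
    backup="$lockfile.deploy-orig"
    cp -p "$lockfile" "$backup"

    # Run the install; remember its exit status without tripping `set -e`.
    status=0
    "$@" || status=$?

    # Byte-for-byte comparison: any rewrite counts as drift.
    if ! cmp -s "$backup" "$lockfile"; then
        echo "lockfile drift: the install modified $lockfile" >&2
        diff -u "$backup" "$lockfile" >&2 || true
        mv "$backup" "$lockfile"   # put the committed version back
        return 3
    fi

    rm -f "$backup"
    return "$status"
}

# On the server this would be called as:
#   guarded_install yarn.lock yarn install --frozen-lockfile
```

Exit status 3 means the lockfile was changed and has been restored, 2 means it was missing, and any other non-zero value is the install command's own failure.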