yarn - Proper way to quickly check if `package.json` and `yarn.lock` requirements are satisfied?
Asked Answered
P

2

15

I'd like to verify whether all the dependencies in my project (package.json and yarn.lock) are satisfied without having to run yarn install (which builds out a whole dependency tree and makes network requests)

At first, I was very hopeful that yarn check did this. The following command verifies that each dependency is satisfied in package.json and verifies that the installed package matches the yarn.lock file.

yarn check --integrity --verify-tree

However, the documentation says this is deprecated as of yarn v2, and that yarn install --check-files should be used instead.

But the documentation for --check-files makes it seem like this does something completely different.

yarn install --check-files

Verifies that already installed files in node_modules did not get removed.

I can also verify that running it essentially runs a full yarn install command, so it's not useful here.

Furthermore, the pull request that removed yarn check also mentions that the behavior of --check-files isn't exactly intuitive.

So what's the supported way of running this check in yarn v2 and later? Is there any way to do a lightweight check against package.json and yarn.lock without having to build out the whole dependency tree over a network like yarn install does?

FWIW, a similar question was asked for npm and the solution was to use the --dry-run flag, but that flag doesn't seem to exist in yarn.

Pacifier answered 24/1, 2021 at 5:20 Comment(0)
D
2

You mention that the --dry-run flag for npm does what you are looking for in yarn. Starting with [email protected], npm parses and uses yarn.lock files if they exist (and there's no package-lock.json).

So you can use npm with the --dry-run option and it should work with a yarn.lock file.

Make sure you are using npm 7.0.0 or later. To update: npm install -g npm

Dwelling answered 1/2, 2021 at 14:38 Comment(0)
S
1

There are several options in the yarn cli which probably give you the ability to achieve what you want to do.

My best guess is to use the offline mode to stop any external requests, which you asked for. The frozen lockfile additionally gives you the option to error out in case the dependencies are not in sync with each other.

The option to check files that you mention is not inherently needed for your case, as far as I understand, because you don't want to check the node_modules-folder rather than the package.json and the yarn.lock.

So how about yarn install --offline --frozen-lockfile?

Best wishes, hope that helps

Subjoinder answered 30/1, 2021 at 12:42 Comment(2)
Thanks so much! The --offline feature didn't have much explanation in that documentation but is better explained here. However, it looks like it maintains a separate cache folder. This isn't ideal, I would think there would still be an easier way to check installation. But this is a great thing to investigate.Pacifier
--offline appears to have been retired in Yarn 3. Any idea what might have replaced it?Irrepressible

© 2022 - 2024 — McMap. All rights reserved.