Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[potential bug] Moon uses npm install instead of npm ci #1704

Open
AnomalRoil opened this issue Oct 29, 2024 · 1 comment
Open

[potential bug] Moon uses npm install instead of npm ci #1704

AnomalRoil opened this issue Oct 29, 2024 · 1 comment
Assignees
@milesj
Labels
bug Something isn't working

Comments

@AnomalRoil
Copy link

Describe the bug

When running any tasks in a npm project, it seems moon is going to first run npm install, but npm install is not freezing the package-lock.json files and there are no options to use npm clean-install instead.
This means sometimes moon will randomly decide to change my package-lock.json, make my builds far less deterministic than I'd like.

Is this intended or not?

Expected behavior

Running moon run :build should build things, not update my package-lock.json.

Environment

npx envinfo

  System:
    OS: Linux 6.9 Pop!_OS 22.04 LTS
    CPU: (24) x64 AMD Ryzen 9 5900X 12-Core Processor
    Memory: 5.44 GB / 31.25 GB
    Container: Yes
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 22.9.0 - ~/.nvm/versions/node/v22.9.0/bin/node
    Yarn: 1.22.22 - /usr/bin/yarn
    npm: 10.8.3 - ~/.nvm/versions/node/v22.9.0/bin/npm
  Managers:
    Apt: 2.4.13 - /usr/bin/apt
    Cargo: 1.79.0 - ~/.cargo/bin/cargo
    Gradle: 4.4.1 - /usr/bin/gradle
    pip3: 22.0.2 - /usr/bin/pip3
    RubyGems: 3.3.5 - /usr/bin/gem
  Utilities:
    CMake: 3.22.1 - /usr/bin/cmake
    Make: 4.3 - /usr/bin/make
    GCC: 11.4.0 - /usr/bin/gcc
    Git: 2.34.1 - /usr/bin/git
    Clang: 14.0.0 - /usr/bin/clang
    Ninja: 1.10.1 - /usr/bin/ninja
    FFmpeg: 4.4.2 - /usr/bin/ffmpeg
    Curl: 7.81.0 - /usr/bin/curl
    OpenSSL: 3.0.2 - /usr/bin/openssl
  Virtualization:
    Docker: 20.10.15 - /usr/bin/docker
    VirtualBox: 7.0.18 - /usr/bin/vboxmanage
  IDEs:
    Emacs: 27.1 - /usr/bin/emacs
    Nano: 6.2 - /usr/bin/nano
    Vim: 9.1 - /usr/local/bin/vim
  Languages:
    Bash: 5.1.16 - /usr/bin/bash
    Go: 1.23.2 - /home/anomalroil/.local/bin/go
    Java: 11.0.24 - /usr/bin/javac
    Perl: 5.34.0 - /usr/bin/perl
    Protoc: 25.3 - /usr/local/bin/protoc
    Python3: 3.10.12 - /usr/bin/python3
    R: 4.1.2 - /usr/bin/R
    Ruby: 3.0.2 - /usr/bin/ruby
    Rust: 1.79.0 - /home/anomalroil/.cargo/bin/rustc
  Databases:
    SQLite: 3.37.2 - /usr/bin/sqlite3
  Monorepos:
    Yarn Workspaces: 1.22.22

Additional context

If this is intended, is there any workaround (other than switching to yarn and using --frozen-lockfile if possible) to avoid that behaviour?
@AnomalRoil AnomalRoil added the bug Something isn't working label Oct 29, 2024
@milesj
Copy link
Collaborator

milesj commented Oct 29, 2024

@AnomalRoil We use npm ci when in CI, but npm install locally: https://github.com/moonrepo/moon/blob/master/legacy/node/tool/src/npm_tool.rs#L201

We do this to handle situations where a package.json dependency was changed some where, but the install hasn't occurred yet, resulting in an invalid node_modules state.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@milesj milesj

Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milesj @AnomalRoil