TechQA.

Why PNPM marks my package with "version: link:" after "pnpm install ..." command?

178 views Asked by At

I have a package, which is published in NPM. In this package, I used the same package as its one of dependencies, https://github.com/tal-rofe/cz-vinyl

So as your can see, the package name is cz-vinyl, with latest version of 2.5.0. Most important, my package.json file includes: "cz-vinyl": "2.5.0", so I use the package as a dependency.

In the package, I export some TypeScript types in its package.json file:

    "exports": {
        ".": {
            "types": "./dist/config.d.ts",
            "require": "./dist/index.cjs"
        }
    },

However, when I have a TypeScript file, https://github.com/tal-rofe/cz-vinyl/blob/main/czvinyl.config.ts, where I do:

import type { CzVinylConfig } from 'cz-vinyl';

I get an error: Cannot find module 'cz-vinyl' or its corresponding type declarations.ts(2307). I didn't understand why is it the case, because I did export my TypeScript types in the package. Then I found out that PNPM uses this self package as link to the source code.

From pnpm-lock.yaml file:

  cz-vinyl:
    specifier: 2.5.0
    version: 'link:'

And when I look at ./node_modules/cz-vinyl Indeed I just see my source code, instead of the distributed files from NPM. I tested it in completely different repository: I installed cz-vinyl in other project, using PNPM, and I saw my distributed NPM code. And that I why I get the error I pasted here.

So, why does it even happen? And how can I make PNPM to use the NPM distributed code instead of linking directly to the source code?

After more investigation, I found out that issue occurs after Renovate makes a pull request on my code to update some dependencies' versions.

After another investigation I traced the Renovate logs, and found out what the process is:

  1. Renovate modifies my package.json file with this change:

  2. Renovate runs: pnpm install --recursive --lockfile-only --ignore-scripts --ignore-pnpmfile

  3. Renovate updates my pnpm-lock.yaml with the new changes according to step 2.

I could replicate this issue locally:

  1. Run git clone https://github.com/tal-rofe/cz-vinyl.git
  2. Modified manually my package.json file as the same way Renovate did
  3. Run locally pnpm install --recursive --lockfile-only --ignore-scripts --ignore-pnpmfile
  4. I can see my pnpm-lock.yamlchanges:
node.js typescript npm pnpm renovate
Original Q&A
0

There are 0 answers

Related Questions in NODE.JS

Related Questions in TYPESCRIPT

Related Questions in NPM

Related Questions in PNPM

Related Questions in RENOVATE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions