DEV Community

Cover image for pnpm and package-lock.json
Corentin Girard
Corentin Girard

Posted on β€’ Edited on

3 2

pnpm and package-lock.json

I just started to use pnpm as an alternative to npm and it's great!

However, I quickly ran into a problem: pnpm creates a pnpm-lock.yaml file and it doesn't update my old package-lock.json.

So here is what I could do:

  • Get rid of my package-lock.json (so that I don't need to keep it up to date anymore) and keep the pnpm-lock.yaml but I "force" people to use pnpm
  • Remove both lock files and pretend that "it's a library so it should always be up to date" (from a comment below this question on StackOverflow)
  • Keep both files but I need to manually update the package-lock.json with npm because pnpm doesn't support it

For now, I disabled the creation of the pnpm lock file so that pnpm just acts for me as something which speeds up my installation process and I kept my package-lock.json file.

I think this question is also applicable to someone who uses yarn, so I searched for it and found in this answer that there is a yarn import command which creates a yarn lock file from a npm lock file. There is exactly the same command with pnpm (but it creates a pnpm lock file, obviously).

The problem is that it would force me to use something that I don't want to use anymore (npm) to be able to please others.

What do you think about that? Maybe you have another solution?

Edit:

Here's the answer of pnpm's creator:

Image of Docusign

Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

Top comments (1)

Collapse
 
drarig29 profile image
Corentin Girard β€’

By the way, I found that it's possible to force people to use pnpm too: pnpm.js.org/en/only-allow-pnpm

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more