DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

Cover image for pnpm and package-lock.json
Corentin Girard
Corentin Girard

Posted on • Updated on

pnpm and package-lock.json

I just started to use pnpm as an alternative to npm and it's great!

However, I quickly ran into a problem: pnpm creates a pnpm-lock.yaml file and it doesn't update my old package-lock.json.

So here is what I could do:

  • Get rid of my package-lock.json (so that I don't need to keep it up to date anymore) and keep the pnpm-lock.yaml but I "force" people to use pnpm
  • Remove both lock files and pretend that "it's a library so it should always be up to date" (from a comment below this question on StackOverflow)
  • Keep both files but I need to manually update the package-lock.json with npm because pnpm doesn't support it

For now, I disabled the creation of the pnpm lock file so that pnpm just acts for me as something which speeds up my installation process and I kept my package-lock.json file.

I think this question is also applicable to someone who uses yarn, so I searched for it and found in this answer that there is a yarn import command which creates a yarn lock file from a npm lock file. There is exactly the same command with pnpm (but it creates a pnpm lock file, obviously).

The problem is that it would force me to use something that I don't want to use anymore (npm) to be able to please others.

What do you think about that? Maybe you have another solution?

Edit:

Here's the answer of pnpm's creator:

Top comments (1)

Collapse
 
drarig29 profile image
Corentin Girard

By the way, I found that it's possible to force people to use pnpm too: pnpm.js.org/en/only-allow-pnpm

DEV

Thank you.

Β 
Thanks for visiting DEV, we’ve worked really hard to cultivate this great community and would love to have you join us. If you’d like to create an account, you can sign up here.