Corentin Girard

pnpm and package-lock.json

I just started to use pnpm as an alternative to npm and it's great!

However, I quickly ran into a problem: pnpm creates a pnpm-lock.yaml file and it doesn't update my old package-lock.json.

So here is what I could do:

  • Get rid of my package-lock.json (so that I don't need to keep it up to date anymore) and keep the pnpm-lock.yaml but I "force" people to use pnpm
  • Remove both lock files and pretend that "it's a library so it should always be up to date" (from a comment below this question on StackOverflow)
  • Keep both files but I need to manually update the package-lock.json with npm because pnpm doesn't support it

For now, I disabled the creation of the pnpm lock file so that pnpm just acts for me as something which speeds up my installation process and I kept my package-lock.json file.

I think this question is also applicable to someone who uses yarn, so I searched for it and found in this answer that there is a yarn import command which creates a yarn lock file from an npm lock file. There is exactly the same command with pnpm (but it creates a pnpm lock file, obviously).

The problem is that it would force me to use something that I don't want to use anymore (npm) to be able to please others.

What do you think about that? Maybe you have another solution?

Edit:

Here's the answer of pnpm's creator:

Top comments (1)

Corentin Girard

By the way, I found that it's possible to force people to use pnpm too: pnpm.js.org/en/only-allow-pnpm
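
For the "keep both files" option in the post above, a CI step can catch a package-lock.json that was not regenerated after package.json changed through pnpm. This is an added example, not code from the post or from pnpm; it assumes lockfileVersion 2 or 3, where `packages[""]` mirrors the root manifest, and the function names and sample data are constructed for illustration.

```javascript
// Added example: detect a package-lock.json that drifted from package.json.
// Assumption: lockfileVersion 2 or 3, where packages[""] mirrors the manifest.
const FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Returns human-readable mismatches; an empty array means the lock is in sync.
function findLockDrift(manifest, lock) {
  const root = lock.packages && lock.packages[""];
  if (!root) {
    return ['package-lock.json has no packages[""] entry (lockfileVersion 1?)'];
  }
  const drift = [];
  for (const field of FIELDS) {
    const wanted = manifest[field] || {};
    const locked = root[field] || {};
    const names = new Set([...Object.keys(wanted), ...Object.keys(locked)]);
    for (const name of names) {
      if (wanted[name] === locked[name]) continue;
      drift.push(
        `${field}.${name}: package.json=${wanted[name] ?? "(absent)"} ` +
          `lock=${locked[name] ?? "(absent)"}`
      );
    }
  }
  return drift;
}

// Hypothetical CI entry point: read both files from a project directory.
function checkDir(dir) {
  const fs = require("fs");
  const path = require("path");
  const read = (f) => JSON.parse(fs.readFileSync(path.join(dir, f), "utf8"));
  return findLockDrift(read("package.json"), read("package-lock.json"));
}

// Constructed sample: package.json was changed through pnpm, the npm lock was not.
const SAMPLE_MANIFEST = {
  dependencies: { lodash: "^4.17.21", express: "^4.19.2" },
  devDependencies: { typescript: "^5.4.0" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": {
      dependencies: { lodash: "^4.17.20" },
      devDependencies: { typescript: "^5.4.0", eslint: "^8.0.0" },
    },
  },
};

for (const line of findLockDrift(SAMPLE_MANIFEST, SAMPLE_LOCK)) console.log(line);
```

A non-empty result from `checkDir(".")` is the signal to fail the build; `npm ci` also refuses to install when the two files disagree, but this check needs no install step.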