How to sync `yarn.lock` with `package.json`? - node.js

I installed a package with `yarn add --dev`, ran its setup process and, during it, the package installed several other packages and added those to `package.json` (in `devDependencies`), I assume with npm. Great, but now my `yarn.lock` is out of sync.
What is the correct, non-manual way of syncing `yarn.lock` to the current state of `package.json`?
Edit: `yarn check` shows the missing packages as:
```
error Lockfile does not contain pattern: <package>@<version>
```
But it doesn't add them.

Run `yarn install`, or just `yarn`.
The lock file is updated in its entirety on any change to dependencies, i.e. when you run a yarn command.
From the Yarn docs:
> Your yarn.lock file is auto-generated and should be handled entirely by Yarn. As you add/upgrade/remove dependencies with the Yarn CLI, it will automatically update your yarn.lock file. Do not edit this file directly as it is easy to break something.

(Emphasis my own)

If you ever face a checksum issue, this will solve it:
```
YARN_CHECKSUM_BEHAVIOR=update yarn
```
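The drift described in the question can be detected before anything is installed. The following is an added example, not code from the original posts or from Yarn: it assumes the Yarn 1 (classic) lockfile layout, and the function names and sample package names are hypothetical. It reports each `package.json` entry that has no matching pattern in `yarn.lock`, mirroring the `yarn check` error quoted above.

```javascript
// Added example: find package.json entries missing from a Yarn 1 yarn.lock.

// Collect every "name@range" pattern from the top-level keys of a v1 lockfile.
function parseLockPatterns(lockText) {
  const patterns = new Set();
  for (const line of lockText.split(/\r?\n/)) {
    // Entry keys are unindented, end with ':' and are not '#' comments.
    if (!line || /^\s/.test(line) || line.startsWith('#') || !line.endsWith(':')) continue;
    for (const raw of line.slice(0, -1).split(',')) {
      patterns.add(raw.trim().replace(/^"|"$/g, ''));
    }
  }
  return patterns;
}

// Return the patterns that package.json declares but the lockfile lacks.
function missingPatterns(pkg, lockText) {
  const locked = parseLockPatterns(lockText);
  const missing = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      const pattern = `${name}@${range}`;
      if (!locked.has(pattern)) missing.push(pattern);
    }
  }
  return missing;
}

// Constructed sample data; the package names are placeholders.
const SAMPLE_PKG = {
  dependencies: { 'example-lib': '^1.3.0' },
  devDependencies: { '@scope/tool': '^2.0.0', 'added-by-npm': '~0.4.1' },
};
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  '',
  '"@scope/tool@^2.0.0", "@scope/tool@2.0.1":',
  '  version "2.0.1"',
  '',
  'example-lib@^1.3.0:',
  '  version "1.3.0"',
].join('\n');

for (const pattern of missingPatterns(SAMPLE_PKG, SAMPLE_LOCK)) {
  console.log(`Lockfile does not contain pattern: ${pattern}`);
}
```

A dependency that reaches `package.json` without a lockfile entry has no pinned version or integrity hash, so a check like this is useful as a CI gate alongside `yarn install --frozen-lockfile`.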

Related

Why there are differences in the order of properties and double quotation marks in the yarn.lock file?

I installed node_modules using yarn on a cloned project.
The original lockfile has double quotation marks and the newly created lockfile does not. Also, the order of integrity, version, etc. have all changed.
Is there any way to configure yarn so that the original file format is used?
Tried:
- `yarn` or `yarn install`: the result was the same in both cases.
- `yarn install --frozen-lockfile`: naturally, it was installed with no changes to the lock file.
This is fine for just installation, but when making changes to the package, the same problem occurs because the lock file is updated.
The project was supposed to use yarn, but one member was using npm.

Can different yarn versions cause yarn install to modify the content of yarn.lock files?

My question is: when I run yarn install locally, it modifies the yarn.lock file I pulled from a Github source. There is nothing changed in package.json file.
My best guess is that I am using yarn 1.22.18 locally, but the latest commit of yarn.lock on Github (which I just pulled) uses 1.22.19 to generate.
Could different yarn versions cause this issue?
P.S.: Previously, the yarn.lock file on the Github source was generated by yarn 1.22.17, even though I am using yarn 1.22.18. When I do yarn install, there is nothing changed in my local yarn.lock file.
I did some research on my issue, but cannot find any good articles about this problem (Why is my yarn.lock file changing when running yarn install after incrementing version in package.json?). If someone thinks this issue is a duplicate, please kindly provide a link and I will close this issue.
Thanks so much in advance!

Supporting both `npm` and `yarn` in my project

In my project, I maintain support for both npm and yarn.
At present, whenever I update file package.json, I conduct the following process:
1. Delete file package-lock.json
2. Delete file yarn.lock
3. Delete folder node_modules
4. Run `npm install`
5. Delete folder node_modules
6. Run `yarn install`
This process seems to guarantee deterministic results for both file package-lock.json and file yarn.lock.
But on the other hand, it is a little "tedious" to conduct it every time I want to update my project dependencies.
Is there a simple process that I can take instead?
I have read through this answer; it covers this topic pretty well, but not the simplification that I am looking for.
Thank you for your help.

Run `yarn remove <dependency_name>` to remove dependency, but yarn.lock still shows the removed dependency

In my node.js project, I had installed the dependency `@nestjs/jwt` using yarn; now I want to uninstall it since I am not using it.
I ran `yarn remove @nestjs/jwt`. It was successful. I checked my package.json, and it was removed. But when I check the yarn.lock file, it is still showing. Why is that?
My `git add -p yarn.lock` shows me:
-"#nestjs/jwt#8.0.0", "#nestjs/jwt#^8.0.0":
+"#nestjs/jwt#^8.0.0":
version "8.0.0"
resolved "https://registry.yarnpkg.com/#nestjs/jwt/-/jwt-8.0.0.tgz#6c811c17634252dd1qcd5dabf409db4692b812da"
integrity sha512-fz2LQgYY2zmuD8S+8UE215anwKyXlnB/1FwJMLVR47clNfMeFMK8WCxmn6xd0hF5JKuV1crO6FVabb1qWzDxqQ==
Besides packages you explicitly install, packages depend on other packages. To see a graph of any dependents of this package you have installed, do:
```
yarn why @nestjs/jwt -R
```
Yarn.lock is what yarn uses to know what versions of each dependency are installed so it can get those exact versions again when you run `yarn install` on a new machine. Try running `yarn upgrade`. This should create a new yarn.lock file without those dependencies.

Difference between package.json, package-lock.json and yarn.lock files?

I have understood the details from the link below, but when to use which file is still a question.
https://docs.npmjs.com/files/package-lock.json

**package.json**
Contains relevant metadata for your project, including dependencies, helper scripts and other general metadata.
Running `npm install --save <package>` or `yarn add <package>` adds dependencies to this file.
Between the three files listed, this is the only one you should ever need to interact with.

**package-lock.json and yarn.lock**
An auto-generated file that describes the exact state of your application dependencies the last time packages were added or modified.
More specifically, it guarantees the order of package installations between users, which is why it is recommended to commit it to git.
yarn.lock is generated when running yarn-specific commands.
package-lock.json is generated when running npm-specific commands.
