Lockfiles
aube's default lockfile for new projects is aube-lock.yaml. For projects that already have a different supported lockfile, aube keeps reading and writing that file in place.
Supported lockfile formats
aube reads and writes all of the following formats:
aube-lock.yaml(default for new projects)pnpm-lock.yamlv9package-lock.jsonnpm-shrinkwrap.jsonyarn.lock— both v1 classic and v2+ berrybun.lock
Write behavior
On install (and on add, remove, update, dedupe), aube picks the lockfile to write from whichever supported file already exists in the project directory. Precedence is: aube-lock.yaml → pnpm-lock.yaml → bun.lock → yarn.lock → npm-shrinkwrap.json → package-lock.json. When none of those exist yet, aube writes aube-lock.yaml.
The practical upshot:
- A pnpm project keeps getting
pnpm-lock.yamlupdates. - An npm project keeps getting
package-lock.jsonupdates. - Only
aube import(or manually removing the existing lockfile) switches a project ontoaube-lock.yaml.
Keep the original lockfile while its package manager is still part of the workflow — aube and the original package manager both read from and write to the same file without conflicting.
Frozen installs
aube install --frozen-lockfile
aube ciFrozen mode fails when the lockfile no longer matches the manifest.
Prefer frozen installs
aube install --prefer-frozen-lockfileThis is the local default. aube uses the lockfile if it is fresh and re-resolves when the manifest changed.
Lockfile-only updates
aube install --lockfile-onlyUse this when CI or automation needs to update dependency metadata without touching node_modules.
Runtime pins
When package.json pins Node through devEngines.runtime, the resolved exact version (plus per-platform download URLs and SHA-256 checksums) is recorded in the lockfile using pnpm 10.14+'s node@runtime: entry shape — a synthetic dep on the root importer and a packages: entry with a variations resolution. aube and pnpm read each other's pins. Formats without a runtime shape (npm / yarn / bun) skip the pin and re-resolve the range at run time. See Node runtime switching.
Branch lockfiles
When gitBranchLockfile is enabled, aube writes branch-specific lockfile names such as aube-lock.<branch>.yaml. Use this for long-running branches that produce frequent lockfile conflicts.