Verify latest release
pnpm version
No response
Which area(s) of pnpm are affected? (leave empty if unsure)
Lockfile
Link to the code that reproduces this issue or a replay of the bug
https://github.com/dangmai/pnpm-lib-1
Reproduction steps
You can run the following commands after cloning my repository:
pnpm i
pnpm add express
git diff
Observe that the lockfile shows that the dependency dangmai/pnpm-dep-1 has been bumped up in the lockfile.
Describe the Bug
If you're using a git dependency with a mutable identifier (for example, #main), any install or update commands lead to its version getting bumped up in the lockfile.
Expected Behavior
Commands that deal with specific packages shouldn't affect other packages.
Which Node.js version are you using?
v16.20.0
Which operating systems have you used?
If your OS is a Linux based, which one it is? (Include the version if relevant)
Ubuntu
Verify latest release
pnpm version
No response
Which area(s) of pnpm are affected? (leave empty if unsure)
Lockfile
Link to the code that reproduces this issue or a replay of the bug
https://github.com/dangmai/pnpm-lib-1
Reproduction steps
You can run the following commands after cloning my repository:
Observe that the lockfile shows that the dependency
dangmai/pnpm-dep-1has been bumped up in the lockfile.Describe the Bug
If you're using a
gitdependency with a mutable identifier (for example,#main), anyinstallorupdatecommands lead to its version getting bumped up in the lockfile.Expected Behavior
Commands that deal with specific packages shouldn't affect other packages.
Which Node.js version are you using?
v16.20.0
Which operating systems have you used?
If your OS is a Linux based, which one it is? (Include the version if relevant)
Ubuntu