Conversation
Update the env lockfile's `packageManagerDependencies` entry when `devEngines.packageManager` declares a pnpm version that the lockfile no longer satisfies. Previously the stale entry was kept even though the running pnpm matched the declared version, silently breaking the integrity record. Closes #11387
zkochan
added a commit
that referenced
this pull request
Apr 29, 2026
#11392) * fix: sync env lockfile when devEngines.packageManager version is stale Update the env lockfile's `packageManagerDependencies` entry when `devEngines.packageManager` declares a pnpm version that the lockfile no longer satisfies. Previously the stale entry was kept even though the running pnpm matched the declared version, silently breaking the integrity record. Closes #11387 * refactor: drop redundant pm.name guard in main.ts (syncEnvLockfile already checks) * refactor: hoist pm.onFail !== 'ignore' guard so each clause appears once * test: assert syncEnvLockfile actually rewrites the lockfile entry on disk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
devEngines.packageManagerdeclared a pnpm version that the lockfile no longer satisfied, pnpm previously left the stalepackageManagerDependenciesentry in place — silently breaking the integrity record while still using the new version.syncEnvLockfile, invoked aftercheckPackageManagerfor pnpm, which detects a stale lockfile entry and re-resolves it against the currently running pnpm version (already verified to satisfy the wanted range). No-ops when there is no env lockfile, no existing entry, the entry already satisfies, or the running pnpm doesn't satisfy.Test plan
pnpm exec tsgo --buildcleanpnpm run lintclean (only pre-existing warnings)pnpm/src/syncEnvLockfile.test.ts(8 tests, 100% coverage of the new module) passpnpm/test/switchingVersions.test.ts(12 tests) passpnpm/test/packageManagerCheck.test.ts+pnpm/test/configurationalDependencies.test.ts(28 tests) pass