Conversation
`pacquet install` (no flag) didn't consult `preferFrozenLockfile`. A fresh lockfile got re-resolved from the registry instead of taking the cheap frozen path, and a stale lockfile was silently overwritten without seeding the resolver from the existing pins. Closes #11815. The install dispatch now has four ordered states: 1. `--frozen-lockfile` flag → frozen path (lockfile required, freshness check fatal). 2. No flag + lockfile present + effective `preferFrozenLockfile == true` + freshness check passes → frozen path (same code as state 1). 3. No flag + lockfile present + opt-out or stale → fresh-resolve, seeded from the existing lockfile's snapshots so unrelated pins survive the rewrite (mirrors upstream's `update: false` resolver mode). 4. No lockfile → fresh-resolve with no seed. `check_lockfile_freshness` is the shared helper: it runs `pnpm.overrides` parsing, `check_lockfile_settings`, the overrides-aware manifest re-apply, and `satisfies_package_manifest`. State 1 surfaces its `Err` as `InstallError`; state 2 treats a stale-lockfile `Err` as fall-through and surfaces `InvalidOverrides` as fatal. CLI exposes `--prefer-frozen-lockfile` / `--no-prefer-frozen-lockfile` mirroring pnpm so users can override per invocation; `pacquet add` opts out of the fast path explicitly since the manifest is necessarily stale by the time the install dispatch runs.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (5)
📜 Recent review details🧰 Additional context used📓 Path-based instructions (1)pacquet/**/*.rs📄 CodeRabbit inference engine (pacquet/AGENTS.md)
Files:
🧠 Learnings (2)📚 Learning: 2026-05-20T19:40:55.051ZApplied to files:
📚 Learning: 2026-05-20T23:07:58.444ZApplied to files:
🔇 Additional comments (14)
📝 WalkthroughWalkthroughThis PR implements the ChangesPrefer Frozen Lockfile Dispatch
Sequence DiagramsequenceDiagram
participant User
participant CLI as InstallArgs
participant Install as Install::run
participant Dispatch as Dispatch Logic
participant Freshness as check_lockfile_freshness
participant FrozenPath as Frozen Path
participant FreshPath as Fresh Path (InstallWithFreshLockfile)
User->>CLI: --prefer-frozen-lockfile<br/>(or --no-prefer-frozen-lockfile)
CLI->>Install: prefer_frozen_lockfile: Some(true/false)
Install->>Dispatch: effective prefer_frozen_lockfile
Dispatch->>Dispatch: Check --frozen-lockfile flag?
alt Frozen flag
Dispatch->>FrozenPath: take_frozen_path = true
else No frozen flag
Dispatch->>Dispatch: Lockfile exists & prefer_frozen == true?
alt Yes
Dispatch->>Freshness: check_lockfile_freshness()
Freshness->>Freshness: Parse overrides, check settings, validate manifest
alt Fresh
Freshness-->>Dispatch: Ok(fresh)
Dispatch->>FrozenPath: take_frozen_path = true
else Stale
Freshness-->>Dispatch: Err(stale)
Dispatch->>FreshPath: take_frozen_path = false
end
else No
Dispatch->>FreshPath: take_frozen_path = false
end
end
FrozenPath->>FrozenPath: Use lockfile snapshot, skip resolve
FreshPath->>FreshPath: Seed resolver from wanted_lockfile snapshots
FreshPath->>FreshPath: Re-resolve, write new lockfile
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Micro-Benchmark ResultsLinux |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #11824 +/- ##
=======================================
Coverage 87.60% 87.60%
=======================================
Files 203 203
Lines 24045 24107 +62
=======================================
+ Hits 21064 21119 +55
- Misses 2981 2988 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
Integrated-Benchmark Report (Linux)Scenario: Frozen Lockfile
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 2.52260250688,
"stddev": 0.10374096533189638,
"median": 2.49749569828,
"user": 2.80368318,
"system": 3.74716192,
"min": 2.39673823978,
"max": 2.71720754178,
"times": [
2.54044391578,
2.47735488478,
2.39673823978,
2.67642858078,
2.71720754178,
2.50134114378,
2.41791122478,
2.45743117178,
2.54751811278,
2.4936502527799997
]
},
{
"command": "pacquet@main",
"mean": 2.4513383196799996,
"stddev": 0.10513865240383856,
"median": 2.4343276097799995,
"user": 2.7402421800000005,
"system": 3.7538510200000004,
"min": 2.3350944397799998,
"max": 2.71140797378,
"times": [
2.71140797378,
2.50910967178,
2.4453351517799997,
2.46835764678,
2.3350944397799998,
2.46328952878,
2.3871402107799997,
2.40599537778,
2.4233200677799998,
2.3643331277799997
]
},
{
"command": "pnpm",
"mean": 4.87861636898,
"stddev": 0.035560054968969,
"median": 4.87947326128,
"user": 8.19449378,
"system": 4.25917022,
"min": 4.81522215978,
"max": 4.9350320537800005,
"times": [
4.87344566478,
4.9350320537800005,
4.87816645778,
4.880780064780001,
4.883478241780001,
4.81522215978,
4.925416039780001,
4.89059614978,
4.86570077978,
4.838326077780001
]
}
]
}Scenario: Frozen Lockfile (Hot Cache)
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 0.71864294902,
"stddev": 0.03010169907342208,
"median": 0.71116578422,
"user": 0.3912095,
"system": 1.57182122,
"min": 0.68780510622,
"max": 0.79799073722,
"times": [
0.79799073722,
0.71248762122,
0.71600449422,
0.7082039262200001,
0.71842113222,
0.73086126422,
0.70220072922,
0.68780510622,
0.70261053222,
0.70984394722
]
},
{
"command": "pacquet@main",
"mean": 0.7320113763200001,
"stddev": 0.05205645456424582,
"median": 0.70732179372,
"user": 0.39211339999999995,
"system": 1.58093702,
"min": 0.6831785502200001,
"max": 0.80994234722,
"times": [
0.80857645322,
0.6831785502200001,
0.79105821022,
0.71930105822,
0.69143028522,
0.6953425292200001,
0.80994234722,
0.73940894622,
0.69141138422,
0.69046399922
]
},
{
"command": "pnpm",
"mean": 2.58224073032,
"stddev": 0.07687252401927189,
"median": 2.5732623357200004,
"user": 3.2175531,
"system": 2.26185902,
"min": 2.5033213842200004,
"max": 2.7209701952200005,
"times": [
2.6105127042200005,
2.5060410722200004,
2.5115350692200002,
2.6954470622200004,
2.5898031252200004,
2.5330612712200002,
2.59499387322,
2.5033213842200004,
2.7209701952200005,
2.5567215462200004
]
}
]
} |
Summary
The install dispatch now has four ordered states:
The freshness-check logic that used to live inline in the frozen branch is now `check_lockfile_freshness`, a shared helper consumed by both state 1 (where any `Err` is fatal) and state 2 (where a stale-lockfile `Err` falls through to fresh-resolve and an invalid `pnpm.overrides` stays fatal).
Adds `--prefer-frozen-lockfile` / `--no-prefer-frozen-lockfile` CLI flags mirroring pnpm so users can override per invocation. `pacquet add` explicitly opts out of the fast path since the manifest is necessarily stale by the time the install dispatch runs.
Test plan
Written by an agent (Claude Code, claude-opus-4-7).
Summary by CodeRabbit
New Features
--prefer-frozen-lockfileand--no-prefer-frozen-lockfileCLI flags for granular control over lockfile handling during installation.Behavior Changes
pacquet addnow always re-resolves dependencies after modifying the manifest, ensuring updated dependency trees.