Adding root dependency removes workspace packages from lockfile

[jgoz]

Do you want to request a feature or report a bug? Bug

What is the current behavior?

Adding a dev dependency to the root of a workspace adds the new package to the lockfile, but also removes lockfile entries for dependencies of the individual workspaces.

In my project, adding a single dependency to the root trimmed the lockfile length from ~8000 lines to ~4000. The workaround is to use --no-lockfile when adding, and then run yarn install; this will add just the new dependency to the lockfile, as expected.

If the current behavior is a bug, please provide the steps to reproduce.

In a workspace project:

$ yarn add --dev left-pad # in workspace root

This will remove entries from the lockfile that aren't direct dependencies of the root (e.g., are dependencies of the workspaces).

What is the expected behavior?

Lockfile is updated with just an entry for the new dependency.

Workaround

$ yarn add --dev --no-lockfile left-pad
$ yarn install

This will update package.json with the new entry only, and then update the lockfile as part of yarn install, which produces the correct results.

Please mention your node.js, yarn and operating system version.
Node: 8.4.0
Yarn: 1.0.1
OS: Mac OS 10.12

[jgoz]

@BYK @arcanis I created a repro project at https://github.com/jgoz/yarn-workspace-issue.