pnpm version: 7.16.0
Code to reproduce the issue:
foo/package.json
.pnpmfile.cjs
module.exports = {
hooks: {
readPackage(pkg, ctx) {
pkg.dependencies = {
lodash: "*"
};
return pkg;
}
}
}
pnpm-workspace.yaml
pnpm i --lockfile-only to generate pnpm-lock.yaml
pnpm i --lockfile-only to trigger package.json mutation bug
Expected behavior:
pnpm-lock.yaml and package.json which have invalid state are updated.
Actual behavior:
pnpm-lock.yaml and all package.json modified in readPackage hook are updated with changes from readPackage.
Note that this behavioural difference is different from running pnpm install alone.
Additional information:
pnpm version:
7.16.0Code to reproduce the issue:
foo/package.json{ "name": "foo" }.pnpmfile.cjspnpm-workspace.yamlpnpm i --lockfile-onlyto generatepnpm-lock.yamlpnpm i --lockfile-onlyto triggerpackage.jsonmutation bugExpected behavior:
pnpm-lock.yamlandpackage.jsonwhich have invalid state are updated.Actual behavior:
pnpm-lock.yamland allpackage.jsonmodified inreadPackagehook are updated with changes fromreadPackage.Note that this behavioural difference is different from running
pnpm installalone.Additional information:
node -vprints:v16.18.0