--prefer-offline:

use network only if dependencies are not available in local cache

Make yarn install faster when switching branches

--pure-lockfile

don't generate a lockfile

yarnhook should not change yarn lockfile, and I don't think we should use frozen-lockfile which could fail when the lockfile is not synced with package.json yet.

mrm will make installation a whole lot easier.

bun.sh is a new JS tool which also has package management skills, with accompanying bun.lockb lockfile. Let's add support for it.

Hi,

I was going to implement a git hook to do just the same thing that yarnhook does, but for Composer (PHP package manager). But I thought it would be a shame to have yarnhook for yarn, and something specific for Composer. So I'm wondering if you are opened to handling not node-related package managers? In which case I can open a PR to add composer.

Thanks!

Would it be possible to add the ability to accept additional arguments so I could do something like this:

"husky": {
  "hooks": {
    "post-checkout": "yarnhook --ignore-optional",
    "post-merge": "yarnhook --ignore-optional",
    "post-rewrite": "yarnhook --ignore-optional"
  }
}

I'd really like to prevent yarnhook from installing optional dependencies.

Something like this

thanks for the great package, it really makes life a lot easier.

Version 7 of pnpm was recently released, and --prefer-frozen-shrinkwrap was deprecated in favor of --prefer-frozen-lockfile, causing the hook to exit with an error (and also not work as expected, since the installation does take place, just not with a frozen lock file). See the release notes here.

To the best of my understanding, it is impossible to detect pnpm's version through filesystem checks, since v7 uses the same lockfile as previous versions, so looks like resorting to pnpm -v is the only way around this

Run flow with lint-staged, do it after #4.

The project can have zero dependencies without execa, which has listed their benefits but maybe we don't need any of them? Test extensively.

When yarn install fails, for example because there is a bug in yarn or because of a wrong node version (The engine "node" is incompatible with this module. Expected version ">=4 <=9") we can end up in detached head

I don't see any reason not to support shrinkwraps.

Thanks for the great lib!

Currently, doesn't detect changes in nested package.json and yarn.lock. What do you think about adding support for monorepos?

Adding pnpm support should be really easy.

I see currently this tool checks for a lockfile to decide what pm should be used for installation. pnpm has its own lockfile called shrinkwrap.yaml.

Alternatively, which-pm can be used, which will correctly identify the pm even when installing was done w/o a lockfile creation

It would be nice to support an option to just log a message (hopefully loud), instead of forcing an install. The lockfile detection logic and execution of git diff command is still helpful to abstract away.

I cloned a project that uses yarnhook, changed a file, and then ran git checkout on that file. yarnhook got triggered, but it failed with this output:

<path_to_project>/node_modules/.bin/yarnhook
<path_to_project>/node_modules/yarnhook/node_modules/execa/index.js:303

                throw (result.error || new Error(result.stderr === '' ? result.stdout : result.stderr));
                ^
Error: fatal: Log for 'HEAD' only has 1 entries.
    at Function.module.exports.sync (<path_to_project>/node_modules/yarnhook/node_modules/execa/index.js:303:26)
    at Object.<anonymous> (<path_to_project>/node_modules/yarnhook/index.js:58:38)
    at Module._compile (internal/modules/cjs/loader.js:1147:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
    at Module.load (internal/modules/cjs/loader.js:996:32)
    at Function.Module._load (internal/modules/cjs/loader.js:896:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    at internal/main/run_main_module.js:17:47
error Command failed with exit code 1.

Tried googling but found nothing. Any advice?

This is serious, it may result in lost data.

It was suggested at #2 and now we have pnpm support I'm much more sympathetic to the name. One issue is we already have a neat logo, should we change it to something that looks like a lock?

Hi,

thanks for the awesome package. We have been using it for a couple of months, but since we migrated to yarn berry, we are having issues since --frozen-lockfile flag was deprecated in favour of --immutable. Hence, the hook no longer works.

Would it be possible to detect whether yarn classic or yarn 2 is used?

https://github.com/zkochan/packages/tree/master/preferred-pm

This will enable pnpm support as well.

• Update documentation to use new husky package.json fields
• Cut a release for pnpm support

npm ci is way faster than npm install so we should use it when it's available. Requirements:

• npm version is >5.7.0
• a package-lock.json or npm-shrinkwrap.json exists (we already check for package-lock.json)

Things to do:

• Check npm version
• Add checking for npm-shrinkwrap.json #19
• Add a flag for using npm install instead of npm ci
• Can we fallback to npm install if npm ci fails?

Some project support loading environment variables from .env files to allow permanent variables to be committed and shared among project members. Examples include create-react-app and Docker Compose. I think it would be great if yarnhook did as well. That way, a project team could share a variable such as YARNHOOK_DRYRUN=true without requiring each member to set it in a global .bashrc file.

Though this may seem to limit individual preference in environment variables, yarnhook could also recognize .env.local, which overrides .env and is usually listed in .gitignore

Right now the default is something like this:

{
  "printWidth": 100,
  "semi": false,
  "trailingComma": "all"
}

I get an yarnhook: command not found error when I try to git checkout on v0.4.4.
The following item seem to be missing from package.json in v0.4.4.

https://github.com/frontsideair/yarnhook/blob/v0.4.3/package.json#L4

• Add a single smoke test (branch change)
• Integrate testing with GitHub Actions
• Make test run on dev version
• Add a test for each supported package manager
• Add pull test (merge)
• Add pull test (rebase)
• Add pull test (fast-forward)
• Add reset/restore test
• Add checkout test (should not fail) (#39)
• Add single file checkout test
• Add switch test
• Add merge/rebase test
• Add stash test
• Add cherry-pick test
• Add revert test
• Add branch switch from yarnhook-installed to yarnhook-not-installed (should break, consult to husky) (#13)

Stale node_modules is a source of bugs, footguns, headaches. Angular has a bullet in the readme just for it. Consider sending PRs to large projects to increase adoption, this will also benefit the project.

Proposal:

• https://github.com/babel/babel/ (once #14 is closed)
• ???