Description
Contribution
- I'd be willing to implement this feature (contributing guide)
Describe the user story
Using a tool like Verdaccio to manage packages locally helps a lot for local testing. My flow often looks like this:
1. Make some changes to project A
2. Publish a local-only version of project A to a local registry using Verdaccio
3. Update project B to use the new version of A published in step (2)
and I iterate on this loop until things compile and the code feels good.
Note: I do NOT want to have to bump the version of A every single time I iterate. It gets messy, causes conflicts if I push my branch, and in general it's a lot of busy work.
However, if I keep the exact same version number, I get ERR_PNPM_TARBALL_INTEGRITY, which causes pnpm install to take a minute to install everything as it has to exhaust the retry count:
WARN GET http://localhost:4873/package-A.tgz error (ERR_PNPM_TARBALL_INTEGRITY). Will retry in 10 seconds. 2 retries left.
WARN GET http://localhost:4873/package-A.tgz error (ERR_PNPM_TARBALL_INTEGRITY). Will retry in 1 minute. 1 retries left.
WARN Got unexpected checksum for "http://localhost:4873/package-A.tgz". Wanted "sha512-...". Got "sha512-...".
ERR_PNPM_TARBALL_INTEGRITY The lockfile is broken! A full installation will be performed in an attempt to fix it
Describe the solution you'd like
I want an option to just force the installation of the new package even if the sha512 differs, without having to wait for all the retries.
I tried --fix-lock and --force, and neither of them seems to give me what I want.
Describe the drawbacks of your solution
This option could hide a case where a package actually differs in its hash due to a bug, although unlikely
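The checksum comparison behind the "Wanted sha512-... Got sha512-..." warning above, as an added example that is not part of the original issue and is not pnpm's own code: it computes an SRI-style sha512 string for tarball bytes and compares it with the value a lockfile pinned. The two buffers are constructed stand-ins for two builds of package-A published under the same version, and all function names are hypothetical.

```javascript
// Added example: SRI-style integrity check of tarball bytes against a pinned value.
const crypto = require("node:crypto");

// Build an SRI string ("sha512-<base64 digest>") for the given bytes.
function sri(bytes, algo = "sha512") {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest("base64")}`;
}

// Strongest algorithm first; weaker or unknown algorithms are never trusted.
const PREFERENCE = ["sha512", "sha384", "sha256"];

// Check bytes against an integrity field that may list several hashes.
// Returns { ok, algo, wanted, got }; ok is false when no supported hash is listed.
function checkIntegrity(bytes, integrity) {
  const entries = integrity.trim().split(/\s+/).map((e) => {
    const i = e.indexOf("-");
    return { algo: e.slice(0, i), digest: e.slice(i + 1).split("?")[0] };
  });
  const algo = PREFERENCE.find((a) => entries.some((e) => e.algo === a));
  if (!algo) return { ok: false, algo: null, wanted: integrity, got: null };
  const got = crypto.createHash(algo).update(bytes).digest();
  const wanted = entries.filter((e) => e.algo === algo);
  // Any listed digest of the chosen algorithm may match.
  const ok = wanted.some((e) => Buffer.from(e.digest, "base64").equals(got));
  return {
    ok,
    algo,
    wanted: wanted.map((e) => `${algo}-${e.digest}`).join(" "),
    got: `${algo}-${got.toString("base64")}`,
  };
}

// Constructed stand-ins for two publishes of package-A under one version number.
const firstPublish = Buffer.from("package-A 1.0.0 build 1 (constructed)");
const rePublish = Buffer.from("package-A 1.0.0 build 2 (constructed)");

// The value a lockfile would hold after installing the first publish.
const lockedIntegrity = sri(firstPublish);

function demo() {
  return {
    unchanged: checkIntegrity(firstPublish, lockedIntegrity),
    republished: checkIntegrity(rePublish, lockedIntegrity),
  };
}

console.log(demo());
```

The check cannot tell a deliberate republish from a corrupted or substituted tarball: both produce the same mismatch, which is the case the drawbacks section refers to.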