Running yarn install after removing a dep manually doesn’t remove it from the yarn.lock

Do you want to request a feature or report a bug? Bug

What is the current behavior?

Removing a dep manually and then running yarn install doesn’t remove it from the yarn.lock

If the current behavior is a bug, please provide the steps to reproduce.

yarn init --yes
yarn add object-assign sorted-object
# manually update package.json to remove object-assign
yarn install
cat yarn.lock
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


object-assign@^4.1.1:
  version "4.1.1"
  resolved object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863

sorted-object@^2.0.1:
  version "2.0.1"
  resolved sorted-object-2.0.1.tgz#7d631f4bd3a798a24af1dffcfbfe83337a5df5fc

What is the expected behavior?

It should remove the unused items from the yarn.lock

Please mention your node.js, yarn and operating system version.

  • Yarn: 0.191
  • Node: 7.0.0
  • OS: macOS

Author: Fantashit
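The leftover entry from the reproduction above can be found mechanically, which is useful when auditing what a lockfile still pins. This is an added example, not part of the original report and not Yarn's own code: it parses a v1 yarn.lock and lists entries no longer reachable from package.json. The function names and sample inputs are constructed for illustration, and it goes beyond the report by also following transitive `dependencies:` blocks.

```javascript
// Constructed inputs modelled on the report: object-assign was deleted from
// package.json by hand, but yarn.lock still carries its entry.
const SAMPLE_PACKAGE_JSON = JSON.stringify({ dependencies: { "sorted-object": "^2.0.1" } });
const SAMPLE_LOCK = `# yarn lockfile v1

object-assign@^4.1.1:
  version "4.1.1"

sorted-object@^2.0.1:
  version "2.0.1"
`;

// Parse a v1 yarn.lock into Map("name@range" -> { deps: ["name@range", ...] }).
function parseLock(text) {
  const entries = new Map();
  let entry = null;
  let inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Entry header: one or more comma-separated, optionally quoted keys.
      entry = { deps: [] };
      inDeps = false;
      for (const key of line.replace(/:\s*$/, "").split(",")) {
        entries.set(key.trim().replace(/^"|"$/g, ""), entry);
      }
    } else if (/^ {2}\S/.test(line)) {
      // Two-space field; only the dependency sub-blocks matter here.
      inDeps = /^ {2}(optionalD|d)ependencies:\s*$/.test(line);
    } else if (inDeps && entry) {
      const m = line.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m) entry.deps.push(`${m[1]}@${m[2]}`);
    }
  }
  return entries;
}

// Return lockfile keys that nothing in package.json reaches, sorted.
function staleLockEntries(packageJsonText, lockText) {
  const pkg = JSON.parse(packageJsonText);
  const entries = parseLock(lockText);
  const queue = ["dependencies", "devDependencies", "optionalDependencies"].flatMap(
    (field) => Object.entries(pkg[field] || {}).map(([name, range]) => `${name}@${range}`)
  );
  const reachable = new Set();
  while (queue.length) {
    const key = queue.pop();
    if (reachable.has(key) || !entries.has(key)) continue;
    reachable.add(key);
    queue.push(...entries.get(key).deps);
  }
  return [...entries.keys()].filter((k) => !reachable.has(k)).sort();
}
```

On the sample inputs, `staleLockEntries(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK)` reports `object-assign@^4.1.1`, the entry the report expected `yarn install` to drop.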

5 thoughts on “Running yarn install after removing a dep manually doesn’t remove it from the yarn.lock”

  1. When the package.json has been updated to include a new dependency or a new version of a dependency, yarn install modifies the yarn.lock file to suit the package.json. It seems strange that it makes these changes for some types of modifications, but not others.

    I think of yarn upgrade as a more heavyweight operation, as it bumps a potentially large number of dependency versions and doesn’t just clean up unused entries of the lockfile. (Though maybe my perception here is skewed due to my background working with Java, where bumping versions of dependencies is seen as a bigger deal.)

  2. It looks like yarn --force has the behavior I want in this case, i.e. it will update the lockfile to remove unneeded dependencies in situations where yarn alone would not.

  3. yarn install works in a strange way: when adding a new package in package.json, it adds those packages and updates yarn.lock accordingly. But when removing, it doesn’t update the lock file accordingly, although the removed package is removed from the node_modules directory.

    Yarn should have behaviour similar to composer. yarn install should install dependencies based on the yarn.lock file. If there is no yarn.lock file, then it should invoke yarn upgrade and make a lock file. When we update package.json, we should not be able to reflect changes in package.json with yarn install but only with yarn upgrade. And warn when there is a dependency mismatch between the lock file and the json file.

  4. I think yarn install should always install dependencies as listed in the lock file, i.e. the current behaviour “feels” right to me.

    I think so too. However, as others have pointed out, it was decided in #570 that yarn install would by default recreate yarn.lock to match the list in package.json. The problem is that it is inconsistent, i.e. it only works that way for half of the changes to the package list.

    you should use yarn remove xx

    I like using an editor for editing source files (and package.json is a source file) — not cat, yarn, etc. — and then using build/packaging tools to apply those updates.

    Worse, if I’ve already removed a bunch of packages, I have to go add them back, and then run yarn remove, or else it won’t work. Plus, yarn remove reorders my package.json.
