Error on conflict between npm shrinkwrap and modern lockfiles (#432)

Error on conflict between npm shrinkwrap and modern lockfiles

Error on conflict between npm shrinkwrap and modern lockfiles (#432)
Error on conflict between npm shrinkwrap and modern lockfiles
fbe5a910 · Jeremy Morrell · GitHub · 69cb78fd · fbe5a910 · fbe5a910
Commit fbe5a910 authored Jul 18, 2017 by Jeremy Morrell Committed by GitHub Jul 18, 2017
7 changed files
--- a/bin/compile
+++ b/bin/compile
@@ -61,7 +61,7 @@ trap 'handle_failure' ERR
 fail_dot_heroku "$BUILD_DIR"
 fail_dot_heroku_node "$BUILD_DIR"
 fail_invalid_package_json "$BUILD_DIR"
-fail_yarn_and_npm_lockfiles "$BUILD_DIR"
+fail_multiple_lockfiles "$BUILD_DIR"
 warn_prebuilt_modules "$BUILD_DIR"
 warn_missing_package_json "$BUILD_DIR"

--- a/lib/dependencies.sh
+++ b/lib/dependencies.sh
@@ -73,7 +73,9 @@ npm_node_modules() {
  if [ -e $build_dir/package.json ]; then
    cd $build_dir
-    if [ -e $build_dir/npm-shrinkwrap.json ]; then
+    if [ -e $build_dir/package-lock.json ]; then
+      echo "Installing node modules (package.json + package-lock)"
+    elif [ -e $build_dir/npm-shrinkwrap.json ]; then
      echo "Installing node modules (package.json + shrinkwrap)"
    else
      echo "Installing node modules (package.json)"

--- a/lib/failure.sh
+++ b/lib/failure.sh
@@ -63,13 +63,18 @@ fail_dot_heroku_node() {
  fi
 }
-fail_yarn_and_npm_lockfiles() {
+fail_multiple_lockfiles() {
+  local has_modern_lockfile=false
+  if [ -f "${1:-}/yarn.lock" ] || [ -f "${1:-}/package-lock.json" ]; then
+    has_modern_lockfile=true
+  fi
  if [ -f "${1:-}/yarn.lock" ] && [ -f "${1:-}/package-lock.json" ]; then
    mcount "failures.two-lock-files"
    header "Build failed"
-    warn "Two different lock files found: package-lock.json and yarn.lock
+    warn "Two different lockfiles found: package-lock.json and yarn.lock
-       Both npm and yarn have created lock files for this application,
+       Both npm and yarn have created lockfiles for this application,
       but only one can be used to install dependencies. Installing
       dependencies using the wrong package manager can result in missing
       packages or subtle bugs in production.
@@ -86,6 +91,29 @@ fail_yarn_and_npm_lockfiles() {
    " https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-conflicting-lock-files
    exit 1
  fi
+  if $has_modern_lockfile && [ -f "${1:-}/npm-shrinkwrap.json" ]; then
+    mcount "failures.shrinkwrap-lock-file-conflict"
+    header "Build failed"
+    warn "Two different lockfiles found
+       Your application has two lockfiles defined, but only one can be used
+       to install dependencies. Installing dependencies using the wrong lockfile
+       can result in missing packages or subtle bugs in production.
+       It's most likely that you recently installed yarn which has its own
+       lockfile by default, which conflicts with the shrinkwrap file you've been
+       using.
+       Please make sure there is only one of the following files in your
+       application directory:
+       - yarn.lock
+       - package-lock.json
+       - npm-shrinkwrap.json
+    " https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-conflicting-lock-files
+    exit 1
+  fi
 }
 warning() {

--- a/test/fixtures/yarn-and-shrinkwrap-lockfiles/npm-shrinkwrap.json
+++ b/test/fixtures/yarn-and-shrinkwrap-lockfiles/npm-shrinkwrap.json
+{
+  "name": "yarn",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "dependencies": {
+    "lodash": {
+      "version": "4.17.4",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
+      "integrity": "sha1-eCA6TRwyiuHYbcpkYONptX9AVa4="
+    }
+  }
+}
--- a/test/fixtures/yarn-and-shrinkwrap-lockfiles/package.json
+++ b/test/fixtures/yarn-and-shrinkwrap-lockfiles/package.json
+{
+  "name": "yarn",
+  "version": "1.0.0",
+  "main": "index.js",
+  "license": "MIT",
+  "dependencies": {
+    "lodash": "^4.16.4"
+  }
+}
--- a/test/fixtures/yarn-and-shrinkwrap-lockfiles/yarn.lock
+++ b/test/fixtures/yarn-and-shrinkwrap-lockfiles/yarn.lock
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+lodash@^4.16.4:
+  version "4.17.4"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae"
--- a/test/run
+++ b/test/run
@@ -114,8 +114,17 @@ testYarnOnlyEngine() {
 testErrorYarnAndNpmLockfiles() {
  compile "yarn-and-npm-lockfiles"
  assertNotCaptured "Creating runtime environment"
-  assertCaptured "Two different lock files found: package-lock.json and yarn.lock"
+  assertCaptured "Two different lockfiles found: package-lock.json and yarn.lock"
-  assertCaptured "Both npm and yarn have created lock files"
+  assertCaptured "Both npm and yarn have created lockfiles"
+  assertCaptured "https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-conflicting-lock-files"
+  assertCapturedError
+}
+testErrorYarnAndNpmShrinkwrap() {
+  compile "yarn-and-shrinkwrap-lockfiles"
+  assertNotCaptured "Creating runtime environment"
+  assertCaptured "Two different lockfiles found"
+  assertCaptured "Please make sure there is only one of the following files"
  assertCaptured "https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-conflicting-lock-files"
  assertCapturedError
 }