I'm trying to set up a Frontend Code Pipeline but it's immediately failing due to the following error:
[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run npm install to fix them.
If I delete the package-lock.json, I get:
[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only
Is there a way to execute the command using yarn instead of npm?
Hi @sowhatdoido,
Please go through this article to understand how npm audit works - https://satejsawant.dev/blog/npm-audit-how-it-works
You need the package.json and package-lock.json files to be present for npm audit to work. When you run npm install, package-lock.json is automatically generated.
Please let me know the steps that you're taking if this does not help.
Thanks,
Chitra
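Added example, not part of the original thread and not the pipeline's own code: a Node.js preflight that reports which of the two failures quoted in the question (EAUDITNOLOCK or ELOCKVERIFY) a project is likely to hit before the audit step runs. The function names, status strings and the presence-only check are assumptions; it is a simplified stand-in for npm's own lockfile verification, and the sample project is constructed.

```javascript
// Lockfiles npm audit accepts, per the EAUDITNOLOCK message in the thread.
const NPM_LOCKS = ['npm-shrinkwrap.json', 'package-lock.json'];

// files: map of file name -> contents (string) for the project root.
// Returns { status, missing, hint }; all three names are hypothetical.
function auditPreflight(files) {
  const lockName = NPM_LOCKS.find((n) => n in files);
  if (!lockName) {
    // npm audit does not read yarn.lock, so this case ends in EAUDITNOLOCK.
    const hint = 'yarn.lock' in files
      ? 'only yarn.lock present: npm audit needs package-lock.json (npm i --package-lock-only)'
      : 'no lockfile: create one with npm i --package-lock-only';
    return { status: 'no-npm-lock', missing: [], hint };
  }
  const manifest = JSON.parse(files['package.json'] || '{}');
  const lock = JSON.parse(files[lockName]);
  // The pipeline audits with --production, which skips devDependencies.
  const wanted = Object.keys(manifest.dependencies || {});
  const missing = wanted.filter((name) => {
    const v1 = lock.dependencies && lock.dependencies[name];           // lockfileVersion 1
    const v2 = lock.packages && lock.packages['node_modules/' + name]; // lockfileVersion 2 and 3
    return !v1 && !v2;
  });
  // A dependency declared in package.json but absent from the lockfile is the
  // kind of drift that "run npm install to fix them" refers to.
  return missing.length
    ? { status: 'lock-mismatch', missing, hint: 'run npm install and commit the lockfile' }
    : { status: 'ok', missing, hint: '' };
}

// Read the relevant files from a project directory (lazy require keeps
// auditPreflight itself free of I/O).
function loadProject(dir) {
  const fs = require('fs');
  const path = require('path');
  const files = {};
  for (const name of ['package.json', 'yarn.lock', ...NPM_LOCKS]) {
    const p = path.join(dir, name);
    if (fs.existsSync(p)) files[name] = fs.readFileSync(p, 'utf8');
  }
  return files;
}

// Constructed sample: a Yarn-managed project like the one in the question.
const sampleYarnProject = {
  'package.json': JSON.stringify({ dependencies: { react: '^17.0.0' } }),
  'yarn.lock': '# yarn lockfile v1\n',
};
console.log(auditPreflight(sampleYarnProject));
```

To check a real checkout, call `auditPreflight(loadProject('.'))` from the project root.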
Sorry, I should have been clearer in my question: I understand that npm requires the package.json and package-lock.json files to be present for npm audit to work. Internally our project uses Yarn, and thus generates a corresponding yarn.lock file, and yarn has the ability to run an audit command as well (https://classic.yarnpkg.com/lang/en/docs/cli/audit/).
Overall, there is more than one package manager in the market, Yarn being one alternative, PNPM being another. See this for more info.
Is it possible to swap package managers in the frontend pipeline/are there plans to support such tooling?