Use Yarn for Frontend Code Pipelines in Cloud Manager

Question

I'm trying to set up a Frontend Code Pipeline but it's immediately failing due to the following error: 
 
[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run  npm install  to fix them.
 
If I delete the package-lock.json, I get:
[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only
 
Is there a way to execute the command using yarn instead of npm?

ChitraMadan · Accepted Answer

Hi @franktran1,

Please go through this article to understand how npm audit works - https://satejsawant.dev/blog/npm-audit-how-it-works

You need to have package.json and package-lock.json files to be present for npm audit to work. When you run npm install package-lock.json is automatically generated.

Please let me know the steps that you're taking if this does not help.

Thanks,

Chitra

FrankTran1 · Answer

Sorry, I should have been clearer in my question: I understand that npm requires the package.json and package-lock.json files to be present for npm audit to work. Internally our project uses Yarn, and thus generates a corresponding yarn.lock file, and yarn has the ability to run an audit command as well (https://classic.yarnpkg.com/lang/en/docs/cli/audit/).

Overall, there is more than one package manager in the market, Yarn being one alternative, PNPM being another. See this for more info.

Is it possible to swap package managers in the frontend pipeline/are there plans to support such tooling?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded