
SOLVED

Use Yarn for Frontend Code Pipelines in Cloud Manager


I'm trying to set up a Frontend Code Pipeline but it's immediately failing due to the following error: 

 

[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run  npm install  to fix them.

 

If I delete the package-lock.json, I get:

[BUILD] Running npm audit command(s)
Executing command npm --progress false audit --production --audit-level=critical
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

 

Is there a way to execute the command using yarn instead of npm?

1 Accepted Solution


Correct answer by
Community Advisor

Hi @sowhatdoido,

 

Please go through this article to understand how npm audit works - https://satejsawant.dev/blog/npm-audit-how-it-works

 

You need the package.json and package-lock.json files to be present for npm audit to work. When you run npm install, package-lock.json is automatically generated.

 

Please let me know the steps that you're taking if this does not help.

 

Thanks,

Chitra
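
A simplified local preflight for the two failures quoted in the question (EAUDITNOLOCK and ELOCKVERIFY), added here as an example; it is not part of the original thread and not Cloud Manager's or npm's own code. The names `auditPreflight` and `isLocked` are hypothetical, the sample data is constructed, and treating a declared dependency with no lockfile entry as the ELOCKVERIFY case is an assumption that ignores version ranges.

```javascript
// Added example: simplified preflight for the pipeline's `npm audit` step.
// Assumption: this checks presence only. npm's own lockfile verification
// also compares version ranges, which is left out here.

// True if `name` is resolvable from the project root according to the lock.
function isLocked(lock, name) {
  // lockfileVersion 2 and 3: "packages" keyed by install path.
  if (lock.packages && lock.packages["node_modules/" + name]) return true;
  // lockfileVersion 1 (and 2, for compatibility): "dependencies" keyed by name.
  return Boolean(lock.dependencies && lock.dependencies[name]);
}

// pkg: parsed package.json; lock: parsed package-lock.json, or null if absent.
function auditPreflight(pkg, lock, hasYarnLock = false) {
  if (!lock) {
    return {
      code: "EAUDITNOLOCK",
      missing: [],
      hint: (hasYarnLock ? "yarn.lock is present, but npm audit needs its own lockfile; " : "") +
        "run: npm i --package-lock-only",
    };
  }
  const declared = Object.keys({
    ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies,
  });
  const missing = declared.filter((name) => !isLocked(lock, name));
  if (missing.length > 0) {
    return { code: "ELOCKVERIFY", missing, hint: "run: npm install" };
  }
  return { code: null, missing: [], hint: "lockfile covers every declared dependency" };
}

// Constructed sample data (not from the thread).
const pkg = { dependencies: { react: "^18.2.0", "@scope/ui": "^1.0.0" } };
const staleLock = {
  lockfileVersion: 3,
  packages: { "": { name: "demo" }, "node_modules/react": { version: "18.2.0" } },
};
const freshLock = {
  lockfileVersion: 3,
  packages: { ...staleLock.packages, "node_modules/@scope/ui": { version: "1.0.3" } },
};

console.log(auditPreflight(pkg, null, true));   // Yarn-only checkout
console.log(auditPreflight(pkg, staleLock));    // lockfile out of sync
console.log(auditPreflight(pkg, freshLock));    // ready for npm audit
```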


2 Replies


Sorry, I should have been clearer in my question: I understand that npm requires the package.json and package-lock.json files to be present for npm audit to work. Internally our project uses Yarn, and thus generates a corresponding yarn.lock file, and yarn has the ability to run an audit command as well (https://classic.yarnpkg.com/lang/en/docs/cli/audit/).

Overall, there is more than one package manager in the market, Yarn being one alternative, PNPM being another. See this for more info.

 

Is it possible to swap package managers in the frontend pipeline/are there plans to support such tooling?