docs: Append yarn-plugin-pin-deps
to Contrib plugins
#4552
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's the problem this PR addresses?
This PR adds a new plugin to the list of "contrib plugins". The plugin is
yarn-plugin-pin-deps
, which adds a commandyarn pin-deps
. This command will find any dependencies referenced with a semver identifier, and will updatepackage.json
to replace that identifier with the exact version of the package currently resolved in the lockfile for that reference.We've been using it "in production" for 1+ year and I recently migrated it to support Yarn 3, so I decided to also take the opportunity to package it as a plugin. It's worked well for our purposes, where the original goal was to migrate a mono-repo to use pinned dependencies. By it's nature it isn't something we use often, but we do occasionally use it to pin some dependency we accidentally installed without
-E
a few commits prior (granted, if I didn't have this plugin, I'd just remove the package and install it again - but it does help for migrating many dependencies all at once).It's possible this plugin is not even necessary, or there is a way to accomplish this dependency pinning with basic yarn commands, but I'm not aware of it (at least, it was certainly not possible when I originally wrote this plugin). It's also possible that is has some oversight in how it pins dependencies that will cause weird bugs, but if so, I have not encountered it yet.
Please do let me know if there is better-supported way to pin dependencies to their currently resolved versions, so that I can delete the plugin 😄
How did you fix it?
I followed the "open a PR" link and used the wonderful GitHub editor to append a link to the plugin 😄 I hope I did not break any formatting.
Checklist