Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use of npm when committed lockfile is for Yarn #34

Open
barnabycollins-s2z opened this issue Feb 2, 2023 · 0 comments
Open

Use of npm when committed lockfile is for Yarn #34

barnabycollins-s2z opened this issue Feb 2, 2023 · 0 comments

Comments

@barnabycollins-s2z
Copy link

barnabycollins-s2z commented Feb 2, 2023

Hi there,

We're using a Docker deployment of Medusa based on this repository where I work, and I think I've found something you should be aware of. It looks like module versions are being controlled using yarn.lock, but the Dockerfile provided runs npm install. This means the yarn.lock file is completely ignored when building using Docker, and results in the latest version of all Node modules being installed.

The result of this is that the Medusa backend has been upgrading itself each time we deploy it, without our knowledge. medusa migrations run is run on every deploy, so most of the update migrations will have worked, but obviously the more in-depth migrations and potential code changes have not been put in place.

Is there something I've missed, or is this a problem that should be rectified?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant