getting YN0028 The lockfile would have been modified by this install, which is explicitly forbidden. using yarn berry and heroku

Question

I'm using yarn berry and heroku and consistently getting the error:

       ➤ YN0028: │ The lockfile would have been modified by this install, which is explicitly forbidden.

Which suggests that my lockfile does not contain all my listed dependencies. In the yarn docs it says this is easily solved by running yarn install and pushing new lockfile to git. However I've tried this, tried with fresh node_modules, etc with no luck.

Has anyone else experienced this issue using yarn berry + heroku?

My repo is a monorepo using workspaces.

Answer 1

How to silence the error. ⚠ You don't want this!

I was able to workaround by setting the env-var YARN_ENABLE_IMMUTABLE_INSTALLS to false, as suggested here.

This is likely a bug in Yarn Berry. I've reported it here: https://github.com/yarnpkg/berry/issues/2948

---

UPD: I have created a fresh local clone of the repo from GitHub, ran yarn install in it, and it did produce changes in yarn.lock. Committing those changes resolved the CI issue, so disabling YARN_ENABLE_IMMUTABLE_INSTALLS is no longer necessary for me.

The original local repo showed a clean git status, so I still believe it is a bug.

UPD 2: My problem was that one of the Yarn worspaces was checked into git as a git submodule (I have probably created it with a nested .git/ folder and then deleted it). As a result, the workspace content, including a child package.json was not committed into the repo, it only existed in my local repo and not on the remote and CI.

After removing the git submodule and checking the workspace into the repo properly, the YN0028 error stopped happening.

Answer 2

I ran across the same issue. I resolve dit by deleting my cache and then reinstalling the dependencies.

The yarn.lock file was then modified by the time the reinstall had completed.

I believe this may have been because I checked in the cache folder initially, and then reverted it. Not sure if this then caused a discrepancy between my local environment and the checked-in repo.

Answer 3

If your ENV doesn't contain any CI variables:

Then it could be your yarn config:

Run yarn config get enableImmutableInstalls and see if it's enabled. (you can also check why it is enabled by running yarn config --why and looking for enableImmutableInstalls).

If it is true, then run yarn config set -H enableImmutableInstalls false to set the setting's value globally (or without the -H argument to set it only in your current project)

Answer 4

I'm using gitlab ci and got the same error, below solution worked for me:

build:
  stage: build
  image: node:18.12.1
  script: 
    - yarn set version 1.22.19
    - yarn install

Note: Kindly check the node and yarn version from your developer, It should be correct. I'm using node:18.12.1 and yarn 1.22.19. For more information please check below useful link:

https://github.com/renovatebot/renovate/discussions/9481?sort=old#discussioncomment-1154692

Answer 5

In my case, we created a new branch to work on a new project (project B) in the same repo as the old project (project A). The issue was that I accidently ran yarn install in the old directory (project A) instead of the one for the new project (B). As part of the gitlab pipeline we install and test all projects. So when I pushed this new yarn.lock to the feature branch, gitlab was failing to build project A.

THE FIX: I reverted the changes made to yarn.lock of project A, committing only changes made to the directory of the new project (B).

Directory overview:

./parent/
|-- project A         (old - not touched on the new branch)
|   |-- yarn.lock     (I accidently edited this one with `yarn install`. I just had to revert the changes to fix the issue)
|-- project B         (new, being developed on this new branch)
    |-- yarn.lock

Answer 6

In my situation, cleaning the yarn cache locally with a yarn cache clean --all then running yarn install made the changes on yarn.lock the CI saw.

Pushing the updated yarn.lock then fixed the error.

Answer 7

I ran across the same issue and in my case it was a yarn version mismatch!

My local project had the yarn upgraded to berry a long time ago and the current version of yarn was 4.0.2. My pipeline was seting the yarn version with the yarn set version berry command, installing the yarn 4.1.0, changing some checksums on the yarn.lock.

I solved this upgrading yarn locally and fixing the yarn version on the pipeline so instead of yarn set version berry im using yarn set version 4.1.0.

Hope it helps!