I'd like to verify whether all the dependencies in my project (package.json and yarn.lock) are satisfied without having to run yarn install (which builds out a whole dependency tree and makes network requests)
At first, I was very hopeful that yarn check did this. The following command verifies that each dependency is satisfied in package.json and verifies that the installed package matches the yarn.lock file.
yarn check --integrity --verify-tree
However, the documentation says this is deprecated as of yarn v2, and that yarn install --check-files should be used instead.
But the documentation for --check-files makes it seem like this does something completely different.
yarn install --check-files
Verifies that already installed files in node_modules did not get removed.
I can also verify that running it essentially runs a full yarn install command, so it's not useful here.
Furthermore, the pull request that removed yarn check also mentions that the behavior of --check-files isn't exactly intuitive.
So what's the supported way of running this check in yarn v2 and later? Is there any way to do a lightweight check against package.json and yarn.lock without having to build out the whole dependency tree over a network like yarn install does?
FWIW, a similar question was asked for npm and the solution was to use the --dry-run flag, but that flag doesn't seem to exist in yarn.
There are several options in the yarn cli which probably give you the ability to achieve what you want to do.
My best guess is to use the offline mode to stop any external requests, which you asked for. The frozen lockfile additionally gives you the option to error out in case the dependencies are not in sync with each other.
The option to check files that you mention is not inherently needed for your case, as far as I understand, because you don't want to check the
node_modules-folder rather than thepackage.jsonand theyarn.lock.So how about
yarn install --offline --frozen-lockfile?Best wishes, hope that helps