On Your Machine
We have a lot of dependencies, and they're constantly updating, so be sure to occasionally run yarn install to stay up-to-date.
If yarn install is failing, run yarn -v and check that it is at least 1.22.0. Run npm install -g yarn to update to the latest version if needed.
We have a script that can automatically detect changes to the yarn.lock file and run yarn install when you check out a branch or pull in latest. To enable it set FXA_AUTO_INSTALL=1. If you don't enable it, you'll see a warning when changes are detected letting you know to run yarn install manually.
Dependabot Pull Requests
We use GitHub's Dependabot to automatically update our dependencies.
It runs daily, opening Pull Requests whenever an update is available for any of our many packages' dependencies. PRs will automatically request a review from the @mozilla/fxa-devs GitHub group. FxA engineers are expected to occasionally pitch in with reviewing and merging these PRs.
Click here to see all open Dependabot PRs.
A note about resolutions for sub-dependencies
Resolutions may not work for sub-dependencies. If adding a resolution for a dependency in package.json is not picked up by yarn.lock, you might need to set the resolution manually (this will need to be done for each installed version of the dependency that needs to be resolved).
This generally happens when a dependency has not updated one of its sub-dependencies, and we would like to force an update for that sub-dependency in our project.
For example, if the installed versions are package@npm:1.1.1, package@npm:^1.2.0 and the dependency needs to be resolved to 1.3.0, 2 commands will need to be run (with 'package' here replaced with the name of the dependency that needs to be resolved):
yarn set resolution package@npm:1.1.1 '>1.3.0'
yarn set resolution package@npm:^1.2.0 '>1.3.0'
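Because the resolution has to be set once per installed descriptor, a descriptor that is overlooked keeps the old sub-dependency in the tree. The following is an added example, not part of the FxA tooling: it lists every descriptor of one package in a lockfile and prints the matching command for each. The function names are hypothetical, and it assumes the Yarn 2+ yarn.lock layout in which each entry key lists its descriptors and carries a version field.

```shell
#!/bin/sh

# list_descriptors LOCKFILE PACKAGE -> "descriptor<TAB>locked version" lines
list_descriptors() {
  awk -v pkg="$2" '
    # Entry key: unindented line ending in ":"; one key may hold several
    # comma-separated descriptors that resolved to the same version.
    # Anchoring on "pkg@" keeps "package" from matching "package-extra".
    /^[^ #].*:$/ {
      key = $0; sub(/:$/, "", key); gsub(/"/, "", key)
      n = split(key, parts, ", *"); m = 0
      for (i = 1; i <= n; i++)
        if (index(parts[i], pkg "@") == 1) want[++m] = parts[i]
      next
    }
    # The "version:" field under a matching key is what is locked today.
    m > 0 && /^  version:/ {
      for (i = 1; i <= m; i++) printf "%s\t%s\n", want[i], $2
      m = 0
    }
  ' "$1"
}

# resolution_commands LOCKFILE PACKAGE RESOLUTION -> one command per descriptor
resolution_commands() {
  list_descriptors "$1" "$2" | while read -r desc _locked; do
    printf "yarn set resolution %s '%s'\n" "$desc" "$3"
  done
}

# Constructed yarn.lock excerpt (Yarn 2+ layout), not taken from FxA.
write_sample_lock() {
  cat > "$1" <<'EOF'
__metadata:
  version: 6
"package-extra@npm:^2.0.0":
  version: 2.0.1
"package@npm:1.1.1":
  version: 1.1.1
"package@npm:^1.2.0, package@npm:~1.2.3":
  version: 1.2.4
EOF
}

lock="$(mktemp)"; write_sample_lock "$lock"
list_descriptors "$lock" package
resolution_commands "$lock" package '>1.3.0'
rm -f "$lock"
```

The commands are only printed, so they can be reviewed before being run from the repository root.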