The includeDevDependencies option results in incorrect lockfile

[RDeluxe]

• PNPM 9
• node 22

I've got an app A which uses B as a dependency (using pnpm workspace).
I need the devDeps of A to be included in my CI, so I used the includeDevDependencies flag. The deps are correctly kept in package.json and pnpm-lock.yaml

However, the devDependencies of B are also kept in the pnpm-lock.yaml, but are not kept in B's package.json.

Creating a isolate.config.json file with {includeDevDependencies: true} in B does not change this behaviour.

I guess the most simple choice would be to trim all devDependencies except those of the isolated package in pnpm-lock.yaml?

[0x80]

@RDeluxe The feature was aimed solely at keeping the dev dependencies for you main package (A).

I struggle to see the use-case for needing dev dependencies for sub-dependencies.

As far as the lockfile goes, I suspect it was just easy to keep all the dev dependencies in there. I personally do not see the problem with having them in the lockfile.

Could you elaborate on why you need the dev dependencies from your internal / sub-dependencies?

[RDeluxe]

Hello!

I agree, I feel like it should only keep the devDeps of the main package.

But having all devDeps in the lock file will throw a "frozen lockfile error" with PNPM in CI, which forces me to regenerate a lockfile before install. That partially defeats the purpose of isolating my package.

[0x80]

Ah right, yes it definitely isn't supposed to cause a frozen lockfile error. Seems like this feature was not properly tested at the time, and possibly you are the first to use it 😄