serverless-webpack: Unable to deploy a service using local packages

This is a Bug Report

Description

When attempting to package or deploy a service which uses local packages either referenced via file: or yarn-workspace definitions, the deploy/package step that triggers the webpack build throws an error with

Command failed: yarn install --frozen-lockfile --non-interactive
error An unexpected error occurred: "Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`.".

Running yarn install --frozen-lockfile --non-interactive manually works just fine, so that points to an issue with serverless-webpack.

For bug reports:

What went wrong? sls deploy and sls package fail with "Your lockfile needs to be updated, but yarn was run with `--frozen-lockfile`." error when using a local package
What did you expect should have happened? The service should have been packaged and deployed successfully
What was the config you used?
What stacktrace or error message from your provider did you see?

@HyperBrain as requested in #369 I’ve opened a separate issue. I also went ahead and prepared a minimal repro repo with the config and dependencies set up that cause these issues to surface. https://github.com/mzmiric5/sls-wp-build-error-repro Some notes:

services/sls-only is a template without webpack, which deploys correctly and has no problems running on AWS
shared/third-party-private is a placeholder for a package we are unable to share, but the fact that the package we are using has this one specific dependency is causing npm repro to fail with an error on npm install inside the sls package/deploy step
our team primarily uses yarn, so this is our primary concern, and services/sls-wp-yarn shows the issue the best, as it fails with both the third-party-private package and the moment-wrapper example package (which the npm packager doesn’t have an issue with)

For feature proposals:

What is the use case that should be solved. The more detail you describe this in the easier it is to understand for us.
If there is additional config how would it look

Similar or dependent issue(s):

Additional Data

Serverless-Webpack Version you’re using: 5.1.1
Webpack version you’re using: 4.5.0
Serverless Framework Version you’re using: 1.26.1
Operating System: macOS Sierra 10.12.6
Stack Trace (if available):

About this issue

Original URL
State: closed
Created 6 years ago
Reactions: 4
Comments: 23 (12 by maintainers)

Most upvoted comments

I’m experiencing this issue using serverless-webpack 5.2.0. I have private scoped packages, and one of the dependencies that are defined in my private package is showing up without a version in .webpack/dependencies/package.json. However, it appears to be correct in the yarn.lock in that directory. I am whitelisting my scoped packages in the webpack config.

externals: [nodeExternals({
    whitelist: [/^@my-scope/],
  })],

+11

chris-feist on Nov 2, 2018

@danrivett, I was able to get serverless-webpack working in yarn monorepos by whitelisting them like so in the webpack config file…

externals: [
    nodeExternals({
      whitelist: ['private_package_1', 'private_package_2']
    })],

jCube1980 on Jun 11, 2020

Thanks for the helpful info. When I looked at .webpack/dependencies/package.json, I noticed a package listed with an empty version number:

"dependencies": {
    "aws-sdk": "",

This struck me as odd since I don’t use aws-sdk and it’s not listed in my package.json. So I added it to my package.json via ‘yarn add aws-sdk’. After that, the error went away and deployments started working with yarn specified as the webpack packager.

nicholas-gates on Apr 25, 2018

Hi @nickelstar ,

Can you check the package.json files that are generated by the plugin during deployment? You should find them after the error happens in the .webpack/dependencies and .webpack/service or .webpack/---function-name-- folders. It might be that a dependency you have is wrongly put into devDependencies and as a consequence is not installed and packaged during the deployment.

The frozen-lockfile error should reliably detect such errors, even if it does not show the exact reason without deeper inspection.

HyperBrain on Apr 25, 2018

@danrivett, I was able to get serverless-webpack working in yarn monorepos by whitelisting them like so in the webpack config file…
externals: [
    nodeExternals({
      whitelist: ['private_package_1', 'private_package_2']
    })],

This worked perfectly for me, except the parameter name is different:

externals: [nodeExternals({ **allowlist**: ['private_package_1', 'private_package_2'], })],

Thank you for showing me the way…

christopherchubb on Jul 29, 2020

Released with 5.1.3

HyperBrain on Apr 28, 2018

@HyperBrain I have this dependencies:

"dependencies": {
    "moment": "^2.20.1",
    "moment-timezone": "^0.5.14",
    "mongodb": "^2.2.33",
    "mssql": "^4.1.0",
    "object.values": "^1.0.4",
    "papaparse": "^4.3.6",
    "slug": "^0.9.1",
    "source-map-support": "^0.5.0",
    "sprintf-js": "^1.1.1",
    "underscore": "^1.8.3"
  },
  "devDependencies": {
    "aws-sdk": "^2.172.0",
    "babel-core": "^6.26.0",
    "babel-eslint": "^8.0.3",
    "babel-jest": "^22.1.0",
    "babel-loader": "^7.1.2",
    "babel-plugin-transform-runtime": "^6.23.0",
    "babel-preset-env": "^1.6.1",
    "babel-preset-flow": "^6.23.0",
    "eslint": "^4.16.0",
    "eslint-config-airbnb-base": "^12.1.0",
    "eslint-plugin-flowtype": "^2.40.1",
    "eslint-plugin-import": "^2.8.0",
    "eslint-plugin-jest": "^21.7.0",
    "flow-bin": "^0.63.1",
    "flow-typed": "^2.4.0",
    "glob": "^7.1.2",
    "jest": "^22.2.0",
    "serverless": "^1.25.0",
    "serverless-log-forwarding": "^1.1.6",
    "serverless-offline": "^3.16.0",
    "serverless-secrets": "https://github.com/franciscocpg/serverless-secrets.git#e623994662366b6fcfe7cc40f1d85fd19b5029cd",
    "serverless-webpack": "^5.1.1",
    "webpack": "^3.10.0",
    "webpack-node-externals": "^1.6.0",
    "webpack-plugin-copy": "^1.0.1"
  }

and then I see this .webpack/dependencies/package.json generated:

{
  (...)
  "dependencies": {
    "mongodb": "^2.2.33",
    "mssql": "^4.1.0",
    "object.values": "^1.0.4",
    "source-map-support": "^0.5.0",
    "moment": "^2.20.1",
    "lodash": "",
    "slug": "^0.9.1",
    "moment-timezone": "^0.5.14",
    "papaparse": "^4.3.6",
    "underscore": "^1.8.3",
    "sprintf-js": "^1.1.1"
  }
}

This empty lodash ("lodash":"") is causing the Your lockfile needs to be updated, but yarn was run with --frozen-lockfile error for me.

If I remove it yarn install --frozen-lockfile --non-interactive runs successfully. Do you have some idea what is causing this empty lodash?

Also when I run sls package I got a lot of warnings like this: WARNING: Could not determine version of module lodash.

franciscocpg on Apr 25, 2018