vinext deploy silently runs npm install, downgrading dependencies in Yarn/pnpm workspaces #186
Description
Bug
vinext deploy internally runs npm install during the deploy process. In a Yarn or pnpm monorepo, this silently downgrades hoisted dependencies — in our case, React 19.2.0 was downgraded to 18.3.1 mid-deploy, causing:
Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './server.edge' is not defined by "exports"
in .../node_modules/react-dom/package.json
This is because react-dom/server.edge is a React 19 export that doesn't exist in React 18.
Environment
- vinext: 0.0.13
- Package manager: Yarn 1 (workspace monorepo)
- React: 19.2.0 (specified in root package.json + yarn.lock)
Steps to reproduce
- Set up a Yarn workspace monorepo with React 19.2.0 pinned
- Run
vinext deploy - During deploy, vinext runs
npm installinternally - npm resolves React 18.x (ignoring yarn.lock), overwriting
node_modules/react-dom - Build fails:
./server.edgenot found in react-dom exports
Root cause
vinext deploy runs npm install regardless of which package manager the project uses. This conflicts with Yarn/pnpm lockfiles and can silently downgrade packages.
This is related to #109 (package manager detection) but specific to the deploy command and has a concrete breaking side effect beyond just using the wrong installer.
Workaround
Run next build + wrangler deploy separately — do not use vinext deploy:
# In package.json
"build": "next build",
"deploy": "yarn build && wrangler deploy"Expected behavior
vinext deploy should respect the project's package manager (detect via lockfile: yarn.lock → yarn, pnpm-lock.yaml → pnpm, package-lock.json → npm). It should not run npm install in a Yarn or pnpm project.
See also: #109