Implementation:Apache Dolphinscheduler UI Dependency Lockfile
| Knowledge Sources | |
|---|---|
| Domains | Frontend, Dependency_Management |
| Last Updated | 2026-02-10 00:00 GMT |
Overview
Concrete lock file that pins the exact resolved versions and integrity hashes for all direct and transitive npm dependencies of the DolphinScheduler frontend module.
Description
The pnpm-lock.yaml file is automatically generated by the pnpm package manager. It records every resolved package version, its registry URL, integrity hash (SHA-512), and the full dependency tree for the dolphinscheduler-ui module. The lockfile format version is 5.4, corresponding to pnpm v7.x. It captures both production dependencies (Vue 3, naive-ui, echarts, @antv/x6, axios, pinia, etc.) and development dependencies (Vite, TypeScript, ESLint, Prettier, Sass).
Usage
This file is consumed automatically by pnpm install to reproduce an identical node_modules tree across all development and CI/CD environments. It should be committed to version control and never edited manually.
Code Reference
Source Location
- Repository: Apache_Dolphinscheduler
- File: dolphinscheduler-ui/pnpm-lock.yaml
- Lines: 1-3744
Signature
lockfileVersion: 5.4
specifiers:
'@antv/layout': 0.1.31
'@antv/x6': ^1.34.1
# ... all package specifiers
dependencies:
'@antv/layout': 0.1.31
'@antv/x6': 1.34.13
# ... resolved production dependencies
devDependencies:
'@typescript-eslint/eslint-plugin': 5.62.0
'@vitejs/plugin-vue': 3.2.0
# ... resolved dev dependencies
packages:
# ... full resolved dependency tree with integrity hashes
Import
# Not imported directly; consumed by pnpm install
pnpm install
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| package.json | JSON manifest | Yes | Declares direct dependency specifiers and version ranges |
| pnpm configuration | .npmrc / pnpm settings | No | Registry URL, hoisting rules, and resolution overrides |
Outputs
| Name | Type | Description |
|---|---|---|
| node_modules | Directory tree | Deterministic dependency installation matching locked versions |
| Integrity verification | SHA-512 hashes | Ensures downloaded packages have not been tampered with |
Usage Examples
Install Dependencies From Lockfile
# Install exact versions from the lockfile (CI-safe)
cd dolphinscheduler-ui
pnpm install --frozen-lockfile
Update Lockfile After Dependency Change
# After modifying package.json, regenerate the lockfile
cd dolphinscheduler-ui
pnpm install
# Commit the updated pnpm-lock.yaml
git add pnpm-lock.yaml
git commit -m "chore: update frontend dependency lockfile"