From 4c2bce3254500f49132aba0764d527192b85f686 Mon Sep 17 00:00:00 2001 From: joshp123 Date: Sun, 15 Feb 2026 15:56:48 -0800 Subject: [PATCH] Build: explain lockfile copy rationale --- scripts/copy-pnpm-lock-to-dist.mjs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/copy-pnpm-lock-to-dist.mjs b/scripts/copy-pnpm-lock-to-dist.mjs index f037bc181e6..6899515c0de 100644 --- a/scripts/copy-pnpm-lock-to-dist.mjs +++ b/scripts/copy-pnpm-lock-to-dist.mjs @@ -1,6 +1,16 @@ import fs from "node:fs/promises"; import path from "node:path"; +// Why is this in `dist/`? +// +// `npm pack`/`npm publish` will not include a top-level `pnpm-lock.yaml` in the +// tarball, even if it is listed in `package.json#files`. +// +// Packagers (eg Nix) still want the lockfile to deterministically reproduce the +// runtime `node_modules` for a published OpenClaw version. +// +// Workaround: copy it under `dist/` (which is already published) so it ships as +// `dist/pnpm-lock.yaml`. const repoRoot = process.cwd(); const src = path.join(repoRoot, "pnpm-lock.yaml"); const outDir = path.join(repoRoot, "dist");