From ecad8a724d0ac19d64f9dbf44efe519c05a0171a Mon Sep 17 00:00:00 2001
From: Zoltan Kochan <z@kochan.io>
Date: Sun, 6 Aug 2023 12:17:02 +0300
Subject: [PATCH] fix: install --frozen-lockfile --lockfile-only should work
 (#6915)

close #6913
---
 .changeset/perfect-forks-beg.md               |  6 ++++++
 pkg-manager/core/src/install/index.ts         |  2 +-
 pkg-manager/core/test/install/lockfileOnly.ts | 13 ++++---------
 3 files changed, 11 insertions(+), 10 deletions(-)
 create mode 100644 .changeset/perfect-forks-beg.md

diff --git a/.changeset/perfect-forks-beg.md b/.changeset/perfect-forks-beg.md
new file mode 100644
index 0000000000..07997e306c
--- /dev/null
+++ b/.changeset/perfect-forks-beg.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/core": patch
+"pnpm": patch
+---
+
+`pnpm install --frozen-lockfile --lockfile-only` should fail if the lockfile is not up to date with the `package.json` files [#6913](https://github.com/pnpm/pnpm/issues/6913).
diff --git a/pkg-manager/core/src/install/index.ts b/pkg-manager/core/src/install/index.ts
index e7e843002e..73b024d958 100644
--- a/pkg-manager/core/src/install/index.ts
+++ b/pkg-manager/core/src/install/index.ts
@@ -373,7 +373,7 @@ export async function mutateModules (
       !opts.dedupe &&
       installsOnly &&
       (
-        frozenLockfile && !opts.lockfileOnly ||
+        frozenLockfile ||
         opts.ignorePackageManifest ||
         !needsFullResolution &&
         opts.preferFrozenLockfile &&
diff --git a/pkg-manager/core/test/install/lockfileOnly.ts b/pkg-manager/core/test/install/lockfileOnly.ts
index 91027c0570..601e6ba51d 100644
--- a/pkg-manager/core/test/install/lockfileOnly.ts
+++ b/pkg-manager/core/test/install/lockfileOnly.ts
@@ -75,22 +75,17 @@ test('warn when installing with lockfileOnly = true and node_modules exists', as
   expect(currentLockfile.packages['/rimraf@2.5.1']).toBeFalsy()
 })
 
-// For @pnpm/core it might make sense to throw an exception in this case but for now it is better than having
-// the https://github.com/pnpm/pnpm/issues/4951 issue.
-test('always update the lockfile when lockfileOnly is used, even if frozenLockfile is used', async () => {
-  const project = prepareEmpty()
+test('do not update the lockfile when lockfileOnly and frozenLockfile are both used', async () => {
+  prepareEmpty()
   await addDependenciesToPackage({}, ['is-positive@1.0.0'], await testDefaults({
     lockfileOnly: true,
   }))
-  await install({
+  await expect(install({
     dependencies: {
       'is-positive': '2.0.0',
     },
   }, await testDefaults({
     lockfileOnly: true,
     frozenLockfile: true,
-  }))
-
-  const lockfile = await project.readLockfile()
-  expect(lockfile.dependencies['is-positive'].specifier).toBe('2.0.0')
+  }))).rejects.toThrow(/is not up to date/)
 })