Lockifest manifests generate errors when `--no-generation` set about cli HOT 4 CLOSED

I'd argue this is expected behavior. You're telling the lockfile generator to parse a file and saying that no lockfile generation should be performed. So if the file is a valid lockfile but the contents aren't a valid lockfile, shouldn't we error out?

Like what do you suggest should happen if the manifest's content is actually invalid and it's a lockfile? How are we to detect that it failed because it is a manifest, when we have no way to determine it is one?

from cli.

I'd argue this is expected behavior. You're telling the lockfile generator to parse a file and saying that no lockfile generation should be performed. So if the file is a valid lockfile but the contents aren't a valid lockfile, shouldn't we error out?

Having --no-generation specified does not automatically mean the dependency file is a known lockfile. It could still be a manifest. Erroring out is still expected...but with a specific error code (20) and a message that explains what happened instead of a parsing stack trace.

Like what do you suggest should happen if the manifest's content is actually invalid and it's a lockfile? How are we to detect that it failed because it is a manifest, when we have no way to determine it is one?

The current lockfile generation documentation for lockifests states:

Phylum handles these files by first attempting to analyze them as a lockfile. If anything in the file is not fully specified, this will fail, and Phylum will silence the error and proceed to lockfile generation.

The suggestion here for what should happen is a modification to say:

Phylum handles these files by first attempting to analyze them as a lockfile. If anything in the file is not fully specified, this will fail, and Phylum will silence the error and proceed to lockfile generation unless lockfile generation is suppressed (e.g., via --no-generation option). In that case, error code 20 will be returned along with a message explaining how the lockifest could not be parsed as a lockfile and requires lockfile generation to parse as a manifest, but lockfile generation was disabled through the CLI.

That is likely too wordy to use in the final documentation update, but the intent is hopefully more clear.

from cli.

Just to clarify, your complaint here is simply about the error code, correct?

Yes...the error code and the inscrutable output.

from cli.

That is likely too wordy to use in the final documentation update, but the intent is hopefully more clear.

Yeah at that point reading the documentation just becomes a chore.

I also do not believe we should return error code 20 in this case. It doesn't make any sense when we cannot determine the cause of the failure.

from cli.