Berry: [Bug] Cannot migrate legacy lockfiles with private GitHub Package dependencies

➤ YN0014: │ react-input-range@git://github.com/nash-io/react-input-range#7895c98aaadb0f115557efd17330e10da8b785c7: Only some patterns can be imported from legacy lockfiles (not "git://github.com/nash-io/react-input-range#7895c98aaadb0f115557efd17330e10da8b785c7")

IMPORTED_PATTERNS const would probably need some kind of an update.

https://github.com/yarnpkg/berry/blob/ea94f88b7a2f9b728d2fc5e665b9495c549c88f1/packages/yarnpkg-core/sources/LegacyMigrationResolver.ts#L12-L22

Same here although mine has a .tgz in there yet is served through an artifacts repository

➤ YN0014: │ webpack-hot-middleware@npm:^2.25.0: Only some patterns can be imported from legacy lockfiles (not "https://mycompany.artifactory.com/mycompany/api/npm/npm/webpack-hot-middleware/-/webpack-hot-middleware-2.25.0.tgz#4528a0a63ec37f8f8ef565cf9e534d57d09fe706")

Hi! 👋

This issue looks stale, and doesn't feature the reproducible label - which implies that you didn't provide a working reproduction using Sherlock. As a result, it'll be closed in a few days unless a maintainer explicitly vouches for it or you edit your first post to include a formal reproduction (you can use the playground for that).

Note that we require Sherlock reproductions for long-lived issues (rather than standalone git repositories or similar) because we're a small team. Sherlock gives us the ability to check which bugs are still affecting the master branch at any given point, and decreases the amount of code we need to run on our own machines (thus leading to faster bug resolution faster). It helps us help you! 😃

If you absolutely cannot reproduce a bug on Sherlock (for example because it's a Windows-only issue), a maintainer will have to manually add the upholded label.

Just tried running Yarn Berry on an internal corporate repo and got the same error.

We're running an internal NexusRepository server as an NPM package registry proxy.

The URLS look like:

https://nexusrepomgr.$CORPORATION.com/repository/npm-proxy/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50

The problem does not seem to be fixed.

➤ YN0065: Yarn will periodically gather anonymous telemetry: https://yarnpkg.com/advanced/telemetry
➤ YN0065: Run yarn config set --home enableTelemetry 0 to disable

➤ YN0000: ┌ Validation step
➤ YN0057: │ @company/our-project: Resolutions field will be ignored
➤ YN0000: └ Completed
➤ YN0000: ┌ Resolution step
➤ YN0014: │ @company/our-package-name@npm:1.3.1: Only some patterns can be imported from legacy lockfiles (not "https://npm.pkg.github.com/download/@company/our-package-name/1.3.1/64characterslonghash#40characterslonghash")
➤ YN0014: │ @company/another-package-name@npm:^0.1.8: Only some patterns can be imported from legacy lockfiles (not "https://npm.pkg.github.com/download/@company/another-package-name/0.1.8/64characterslonghash#40characterslonghash")
➤ YN0033: │ aws-cdk@npm:1.67.0: No authentication configured for request
➤ YN0000: └ Completed in 1s 648ms
➤ YN0000: Failed with errors in 1s 649ms
➤ YN0061: @types/nock@npm:11.1.0 is deprecated: This is a stub types definition. nock provides its own type definitions, so you do not need this installed.

I was following the https://yarnpkg.com/getting-started/migration and yarn install fails (repository is a monorepo).

This is a blocker for upgrading to yarn 2. We use a myget registry for our packages. Many other companies will use many different registry hosts. It seems very odd that you would restrict to only github and npm registries. Surely, it should not matter which company is hosting the registry? Why does it not use the same as v1? Unfortunately this means that we can't upgrade to v2.

We migrate what we know how to migrate. Custom registry paths are custom, hence we don't know how to migrate them. If you rely on non-standard registry patterns it should be expected that you might have to get your hands slightly dirty.

That being said the migration got improved in master to add knowledge for more patterns, so perhaps it'll be enough. Will be released in a few days.

Thanks, I did some work on setting the scoped registries in .yarnrc.yaml file and then I deleted our old yarn.lock and ran yarn install. It recreated a new yarn.lock and so far seems to have created the correct "resolution" for our private packages. So, it seems that converting the old yarn.lock is not such a problem anyway - still got some way to go in getting everything working but at least this doesn't seem to be a blocker. Thanks for the speedy feedback.

I'm seeing this error when trying to convert to Yarn 2 with Font Awesome Pro in the mix, which seems like it may be pretty common.

➤ YN0014: │ @fortawesome/vue-fontawesome@npm:^0.1.9: Only some patterns can be imported from legacy lockfiles (not "https://npm.fontawesome.com/@fortawesome/vue-fontawesome/-/0.1.10/vue-fontawesome-0.1.10.tgz#eeeec1e4e8850bed0468f938292b06cda793bf34")

@Petercopter Will be fixed once #2164 is merged. You can use yarn set version from sources --branch 2164 to test it.

@paul-soporan Thanks! It looks like I can just delete my yarn.lock and do a fresh install, I'm going to see how it goes down this path.

Get a similar error when using Yarn 2 with Framer X:

➤ YN0000: ┌ Resolution step
➤ YN0014: │ @framer/framer.default@npm:^1.97.0: Only some patterns can be imported from legacy lockfiles (not "https://registry.framer.com/@framer/framer.default/-/@framer/framer.default-1.97.0.tgz#3bb66255b6ff8f8b2c928eb8dc56279c4c315c08")
➤ YN0001: │ HTTPError: Response code 404 (Not Found)
    at se.<anonymous> (/Users/shripadkrishna/project/.yarn/releases/yarn-berry.js:23:10082)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
➤ YN0000: └ Completed in 1s 220ms
➤ YN0000: Failed with errors in 1s 225ms

Open a new issue please