yarn 🚀 - `yarn install --production` doesn't install correct dependencies

@Daniel15 I guess this is because of nodemon is having latest version of minimatch.

The linker function currently takes in both deps and dev deps into it. For argument production, this should be prevented.

Even on normal yarn install with out production argument. Only latest version is installed in the actual path. This has to checked too.

sendilkumarn on 12 Oct 2016

I'm getting a similar problem when running yarn install --production and then trying to run my build using webpack (running yarn install works fine).

> NODE_ENV=production webpack -p --config webpack/production.config.js

module.js:457
    throw err;
    ^

Error: Cannot find module 'graceful-fs'
    at Function.Module._resolveFilename (module.js:455:15)
    at Function.Module._load (module.js:403:25)
    at Module.require (module.js:483:17)
    at require (internal/module.js:20:19)

and if I recall correctly, previous attempts showed similar errors with another package (not only graceful-fs)

liorbrauer on 13 Oct 2016

👍3

I'm getting very similar as well... yarn install works just fine. but with the --production flag I get this:

> yarn install --production

yarn install v0.15.1
error npm-shrinkwrap.json found. This will not be updated or respected. See [TODO] for more information.
[1/4] Resolving packages...
[2/4] Fetching packages...
warning [email protected]: The engine "rhino" appears to be invalid.
warning [email protected]: The platform "win32" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
warning [email protected]: The engine "rhino" appears to be invalid.
warning [email protected]: The engine "rhino" appears to be invalid.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
[1/1] ⠐ node-sass:     at Module.require (module.js:367:17)
[-/1] ⠐ waiting...
[-/1] ⠐ waiting...
[-/1] ⠐ waiting...
error C:\vagrant\ebroker-quoteengine\node_modules\node-sass: Command failed.
Exit code: 1
Command: C:\WINDOWS\system32\cmd.exe
Arguments: /d /s /c node scripts/install.js
Directory: C:\vagrant\ebroker-quoteengine\node_modules\node-sass
Output:
module.js:341
    throw err;
    ^

Error: Cannot find module 'tough-cookie'
    at Function.Module._resolveFilename (module.js:339:15)
    at Function.Module._load (module.js:290:25)
    at Module.require (module.js:367:17)
    at require (internal/module.js:16:19)
    at Object.<anonymous> (C:\vagrant\ebroker-quoteengine\node_modules\node-sass\node_modules\request\lib\cookies.js:3:13)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Module.require (module.js:367:17)
    at SpawnError (C:\Users\nathan.white\AppData\Roaming\npm\node_modules\yarnpkg\lib\errors.js:18:1)
    at ChildProcess.<anonymous> (C:\Users\nathan.white\AppData\Roaming\npm\node_modules\yarnpkg\lib\util\child.js:107:15)
    at emitTwo (events.js:100:13)
    at ChildProcess.emit (events.js:185:7)
    at maybeClose (internal/child_process.js:827:16)
    at Socket.<anonymous> (internal/child_process.js:319:11)
    at emitOne (events.js:90:13)
    at Socket.emit (events.js:182:7)
    at Pipe._onclose (net.js:471:12)

comfroels on 14 Oct 2016

👍1

Can reproduce a similar issue with:

npm init --yes
yarn add --dev nodemon
yarn add gulp
rm -rf node_modules
yarn install --production

This will install is-glob but not its dependency is-extglob:

> yarn why is-glob
yarn why v0.16.0
# ...
info Reasons this module exists
   - "nodemon#chokidar" depends on it
   - "gulp#liftoff#findup-sync" depends on it

> yarn why is-extglob
yarn why v0.16.0
#  ...
info This module exists because "nodemon#chokidar#is-glob" depends on it.

It seems to "forget" the gulp#liftoff dependency path while traversing..?

EDIT: Smaller example:

npm init --yes
yarn add --dev [email protected]
yarn add [email protected]
rm -rf node_modules
yarn --prod
node -e "require('is-glob')"

Also confirmed that removing devDependencies before running yarn --prod installs the correct dependency tree.

jkrems on 19 Oct 2016

My software team ran into this issue, specifically with the package prr which is a dependency of both less and pouchdb. Many other packages were also missing from the --production build but prr was the first to cause a failure in our product. This issue has been a showstopper for us as the size of our installer would significantly increase if we included the dev packages, so we've returned to using npm.

ArkadyDR on 23 Oct 2016

FWIW: I can work around the issue by deleting devDependencies section from package.json prior to running yarn in production.

gihrig on 28 Oct 2016

👍7

as @gihrig said running npm prune --production can remove the devDependencies which helps to workaround this issue.

royriojas on 31 Oct 2016

as @gihrig said running npm prune --production can remove the devDependencies which helps to workaround this issue.

Yarn's main advantage over npm is a deterministic node_modules dir i.e. same in dev, CI, and production out of the box. Does running npm prune --production yield that same behavior?

My current workaround is to just install devDependencies in production as well. Disk is cheap (especially on AWS) and a deterministic install is much more important to me than disk space. So my "workaround" is to just act like yarn --production does not exist right now .

tanx on 31 Oct 2016

@tanx npm prune --production just remove the devDependencies. And in my tests always the same modules were removed. On the other hand, yes disk space is cheap, so maybe acting as if yarn --production does not exits is a better workaround :)

royriojas on 31 Oct 2016

@tanx npm prune --production just remove the devDependencies. And in my tests always the same modules were removed.

This is precisely the "works on my machine" mentality described in the Yarn blog post. The problem is you're letting npm change the state of node_modules without yarn's integrity check via theyarn.lock file.

tanx on 31 Oct 2016

Hopefully the workarounds discussed will be rendered moot soon by an yarn update to respect dev vs production deps. In the meantime, indeed there is much to groan about with the "npm prune" post-processing hack.

kylecordes on 31 Oct 2016

The yarn why thing described above is unrelated afaict. It looks to be just a side effect of how the why code is searching for the packages.

jkrems on 2 Nov 2016

Tried to find a nice way of doing this without adding an additional pass to propagate the visibility after the graph was walked once. Not sure if it would be acceptable to just split out the visibility into a separate step..?

jkrems on 8 Nov 2016

There's some interesting edge cases as well, it's not just about properly resolving visibility:

A is an optional dependency of a production dependency
B is a non-optional dependency of a dev dependency
C is a non-optional dependency of both

In that case the optional flag of C depends on dev vs. prod. In dev it would be non-optional, in prod it would be optional. Just inheriting the optional flag from one of the parents (or always inheriting it from the prod parent) could lead to weirdness.

jkrems on 8 Nov 2016

This is still not fixed in 0.17.2 😢

Repro: https://gist.github.com/SimenB/2b179f3b6bca73ba824e1273ea38aed3

yarn

node index.js # works

yarn --prod

node index.js # explodes

/cc @jkrems

SimenB on 16 Nov 2016

👍3

Doesn't seem fixed for me either in 0.17.2 (HearthSim/Joust#169).

beheh on 16 Nov 2016

I am going to reopen it as it can be easily reproduced with @SimenB's instructions.

wyze on 16 Nov 2016

@wyze The problem might be the install itself, and not the pruning?

rm -rf node_modules/ && yarn && npm prune --production && node index.js fails with the same error.

rm -rf node_modules/ && npm i && npm prune --production && node index.js works though.

I guess yarn and npm are not meant to be used at the same time though, so might be a coincidence that it produces the same error.

Diffing node_modules after npm i and yarn shows that yarn doesn't output "_requiredBy", probably why npm prune messes up after a yarn install. That info is available in the lockfile though, so it shouldn't be an issue, should it?

SimenB on 17 Nov 2016

Same issue here, we were testing production building on docker and find out that with yarn --production the package mime was missing even if the parent module send (used by express) was installed.

I think this issue should be handled with maximum priority because cause unpredictable builds.

SharpEdgeMarshall on 18 Nov 2016

👍10

As a workaround, I am simply removing the devDependencies section from package.json in my build script.

$ jq 'del(.devDependencies)' package.json > tmp.json && mv tmp.json package.json

dy-dx on 19 Nov 2016

👍8

Following @dy-dx advice i've written a custom entrypoint for Docker to monkeypatch this issue during development:

First of all you should install jq in your Dockerfile adding this line somewhere:

RUN apt-get update && \
    apt-get install -y jq

Then add this script somewhere and use it as Dockerfile [ENTRYPOINT] or docker-compose entrypoint entrypoint.sh

Use your preferred command to Dockerfile [CMD] or docker-compose command E.g. npm start

The same script could be used in CI with some edit to build the image

SharpEdgeMarshall on 22 Nov 2016

👍1

@SimenB Can you please remove the node_modules from your entries-test package and try?

https://registry.yarnpkg.com/entries-test/-/entries-test-1.0.1.tgz#1bf192e414ceadd0cf4b77b3969df32de2985d50

Extract v1.0.1 tar ball, there's a node_modules folder with define-properties and other modules. And, none of them have any *.js file.

torifat on 27 Nov 2016

@torifat Huh, how did that even make it in? It shouldn't be possible to include a node_modules without using bundledDependencies...
Will try to push a clean one (I've deleted the projects, will have to recreate).

SimenB on 27 Nov 2016

@torifat It's yarn's fault it looks like.

$ mkdir some-dir && cd some-dir && yarn init -y && yarn add object.entries && yarn pack && tar -ztvf some-dir-v1.0.0.tgz
drwxr-xr-x  0 0      0           0 Nov 27 10:36 package
-rw-r--r--  0 0      0         972 Oct 15  2015 package/node_modules/define-properties/CHANGELOG.md
-rw-r--r--  0 0      0        1080 Oct 15  2015 package/node_modules/define-properties/LICENSE
-rw-r--r--  0 0      0        2725 Oct 15  2015 package/node_modules/define-properties/README.md
-rw-r--r--  0 0      0        1593 Oct 15  2015 package/node_modules/define-properties/package.json
-rw-r--r--  0 0      0        3798 Aug 21 11:09 package/node_modules/es-abstract/CHANGELOG.md
-rw-r--r--  0 0      0        1080 Jul 29  2015 package/node_modules/es-abstract/LICENSE
-rw-r--r--  0 0      0        1812 Aug 13  2015 package/node_modules/es-abstract/README.md
-rw-r--r--  0 0      0        1989 Aug 21 11:09 package/node_modules/es-abstract/package.json
-rw-r--r--  0 0      0        1207 Jan  4  2016 package/node_modules/es-to-primitive/CHANGELOG.md
-rw-r--r--  0 0      0        1082 Nov  1  2015 package/node_modules/es-to-primitive/LICENSE
-rw-r--r--  0 0      0        2180 Nov  1  2015 package/node_modules/es-to-primitive/README.md
-rw-r--r--  0 0      0        1558 Jan  4  2016 package/node_modules/es-to-primitive/package.json
-rw-r--r--  0 0      0        1074 Sep 22  2014 package/node_modules/foreach/LICENSE
-rw-r--r--  0 0      0         593 Sep 22  2014 package/node_modules/foreach/Readme.md
-rw-r--r--  0 0      0        1297 Sep 22  2014 package/node_modules/foreach/package.json
-rw-r--r--  0 0      0        1052 Feb 14  2016 package/node_modules/function-bind/LICENSE
-rw-r--r--  0 0      0        1488 Feb 14  2016 package/node_modules/function-bind/README.md
-rw-r--r--  0 0      0        1619 Feb 14  2016 package/node_modules/function-bind/package.json
-rw-r--r--  0 0      0        1060 Jul 24  2015 package/node_modules/has/LICENSE-MIT
-rw-r--r--  0 0      0         239 Jul 24  2015 package/node_modules/has/README.mkd
-rw-r--r--  0 0      0         782 Jul 24  2015 package/node_modules/has/package.json
-rw-r--r--  0 0      0        1839 Feb 28  2016 package/node_modules/is-callable/CHANGELOG.md
-rw-r--r--  0 0      0        1082 May 19  2015 package/node_modules/is-callable/LICENSE
-rw-r--r--  0 0      0        1978 Aug 12  2015 package/node_modules/is-callable/README.md
-rw-r--r--  0 0      0        1983 Feb 28  2016 package/node_modules/is-callable/package.json
-rw-r--r--  0 0      0         421 Sep 27  2015 package/node_modules/is-date-object/CHANGELOG.md
-rw-r--r--  0 0      0        1082 Mar 13  2015 package/node_modules/is-date-object/LICENSE
-rw-r--r--  0 0      0        1751 Aug 12  2015 package/node_modules/is-date-object/README.md
-rw-r--r--  0 0      0        1420 Sep 27  2015 package/node_modules/is-date-object/package.json
-rw-r--r--  0 0      0         482 Jan 30  2015 package/node_modules/is-regex/CHANGELOG.md
-rw-r--r--  0 0      0        1081 Jan 15  2014 package/node_modules/is-regex/LICENSE
-rw-r--r--  0 0      0        1623 Jan 28  2015 package/node_modules/is-regex/README.md
-rw-r--r--  0 0      0        1512 Jan 30  2015 package/node_modules/is-regex/package.json
-rw-r--r--  0 0      0         121 Jan 26  2015 package/node_modules/is-symbol/CHANGELOG.md
-rw-r--r--  0 0      0        1082 Jan 24  2015 package/node_modules/is-symbol/LICENSE
-rw-r--r--  0 0      0        1469 Jan 24  2015 package/node_modules/is-symbol/README.md
-rw-r--r--  0 0      0        1214 Jan 26  2015 package/node_modules/is-symbol/package.json
-rw-r--r--  0 0      0        6992 Jul  5 19:14 package/node_modules/object-keys/CHANGELOG.md
-rw-r--r--  0 0      0        1080 Oct 15  2015 package/node_modules/object-keys/LICENSE
-rw-r--r--  0 0      0        2460 Oct 15  2015 package/node_modules/object-keys/README.md
-rw-r--r--  0 0      0        1955 Jul  5 19:14 package/node_modules/object-keys/package.json
-rw-r--r--  0 0      0         560 Oct  6  2015 package/node_modules/object.entries/CHANGELOG.md
-rw-r--r--  0 0      0        1082 Sep  2  2015 package/node_modules/object.entries/LICENSE
-rw-r--r--  0 0      0        2339 Sep  2  2015 package/node_modules/object.entries/README.md
-rw-r--r--  0 0      0        1636 Oct  6  2015 package/node_modules/object.entries/package.json
-rw-r--r--  0 0      0         145 Nov 27 10:36 package/package.json

Using npm pack works as expected (in same dir).

$ npm pack && tar -ztvf some-dir-1.0.0.tgz
-rw-r--r--  0 501    20        145 Nov 27 10:36 package/package.json
-rw-r--r--  0 501    20       2460 Nov 27 10:36 package/yarn.lock

SimenB on 27 Nov 2016

Seems like Yarn is so hell bent on including changelog, readme and package.json it even includes them from node_modules...

Using [email protected]

SimenB on 27 Nov 2016

@torifat Published 1.0.2 now (using npm to avoid the bug just mentioned), still the same issue

SimenB on 27 Nov 2016

Opened up #2047 for the bug regarding node_modules, but it's a red herring in this issue, as my repro is still valid with a proper tarball published.

(sorry about the spam to subscribed people, I'll stop now)

SimenB on 27 Nov 2016

@SimenB Thanks for your time. I have figured out the bug.

torifat on 27 Nov 2016

This appears to be related to #2104, which I just opened. The node_modules/.bin after the OP's install:

$ ll node_modules/.bin
total 16
lrwxr-xr-x  1 samuelreed  staff    22B Dec  1 11:16 forever -> ../forever/bin/forever
lrwxr-xr-x  1 samuelreed  staff   109B Dec  1 11:16 nodemon -> ../../../../../Library/Caches/Yarn/npm-nodemon-1.11.0-226c562bd2a7b13d3d7518b49ad4828a3623d06c/bin/nodemon.js

STRML on 1 Dec 2016

Fixed via #2116.

sebmck on 2 Dec 2016

👎11

Has #2116 been merged in yet? I can't see it in the commit history. Seems premature to close a bunch of issues before a fix is available at least on master if not in a tagged release. Also, it looks like #2116 is failing all three checks. Am I missing something?

kswedberg on 2 Dec 2016

👍7

This is still an issue in v0.18.0, which includes (#2116).

dy-dx on 6 Dec 2016

yes, i can confirm that this issue is still present in 0.18.0

ctaepper on 6 Dec 2016

From what i see the #2116 should have introduced testing for this issue ( test.concurrent('--production flag ignores dev dependencies'... or i'm wrong?

SharpEdgeMarshall on 6 Dec 2016

The test doesn't verify correct behaviour for transitive dependencies:
In my case the issue is a shared dependant (lru-cache) between a prod (minimatch v2.0.0) and a dev (useragent v2.1.9) dependency. That shared dependant is not installed in --production, even though the prod dependency requires it.

beheh on 6 Dec 2016

@beheh I don't see were minimatch uses lru-cache, maybe that's why is not installed in production?

I'm doing some tests with 0.18.0

dep { A->B }
devDep { B }
OK
A,B are installed.

dep { A->C->D }
devDep { B->C->D }
OK
A,C,D are installed.

dep { E->A->C->D }
devDep { B->C->D }
KO
E,A,C are installed but D is missing.

this is the case illustrated by @SimenB

"dependencies": {
    "entries-test": "^1.0.1"
  },
  "devDependencies": {
    "object.values": "^1.0.3"
  }

SharpEdgeMarshall on 6 Dec 2016

👍4

@SharpEdgeMarshall Thanks for testing. I will add it as a test case.

torifat on 6 Dec 2016

@torifat might consider reopening this as well

SimenB on 6 Dec 2016

@SharpEdgeMarshall Tried the following and it's working. Need to figure out the actual problem.

screenshot 2016-12-06 21 18 44

@SimenB need to verify before reopening. This might happen due optionalDependencies too. Which has another open issue.

torifat on 6 Dec 2016

@torifat my repro still happens: https://github.com/yarnpkg/yarn/issues/761#issuecomment-260975012

EDIT: Which has no optional deps, grep optional yarn.lock exits with 1

SimenB on 6 Dec 2016

It now fails on Error: Cannot find module 'object-keys' instead of missing define-properties though.

$ yarn why object-keys
yarn why v0.18.0
[1/4] 🤔  Why do we have the module "object-keys"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
info This module exists because "object.values#define-properties" depends on it.
✨  Done in 0.09s.

Seems like it now handles one level deeper, but then fails

SimenB on 6 Dec 2016

@SimenB Just tried with your:

{
  "dependencies": {
    "entries-test": "^1.0.1"
  },
  "devDependencies": {
    "object.values": "^1.0.3"
  }
}

And, it's working fine for me. Can you do a yarn cache clean and try again?

torifat on 6 Dec 2016

Nope, fails

SimenB on 6 Dec 2016

@SimenB Can you share your yarn.lock file?

torifat on 6 Dec 2016

$ rm -rf node_modules && rm yarn.lock && yarn cache clean && yarn && node index.js && yarn --prod && node index.js
yarn cache v0.18.0
success Cleared cache.
✨  Done in 0.07s.
yarn install v0.18.0
info No lockfile found.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 0.92s.
yarn install v0.18.0
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
✨  Done in 0.18s.
module.js:471
    throw err;
    ^

Error: Cannot find module 'object-keys'
    at Function.Module._resolveFilename (module.js:469:15)
    at Function.Module._load (module.js:417:25)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/Users/simbekkh/repos/ugh/node_modules/define-properties/index.js:3:12)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)

SimenB on 6 Dec 2016

For me SimenB's example doesn't work with 0.18.0 even after yarn cache clean

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


define-properties@^1.1.2:
  version "1.1.2"
  resolved "http://npm.office.crweb.it/define-properties/-/define-properties-1.1.2.tgz#83a73f2fea569898fb737193c8f873caf6d45c94"
  dependencies:
    foreach "^2.0.5"
    object-keys "^1.0.8"

entries-test@^1.0.1:
  version "1.0.2"
  resolved "http://npm.office.crweb.it/entries-test/-/entries-test-1.0.2.tgz#f1039aba3a2effc9c3a56b6b1180694b2789e4d5"
  dependencies:
    object.entries "^1.0.3"

es-abstract@^1.6.1:
  version "1.6.1"
  resolved "http://npm.office.crweb.it/es-abstract/-/es-abstract-1.6.1.tgz#bb8a2064120abcf928a086ea3d9043114285ec99"
  dependencies:
    es-to-primitive "^1.1.1"
    function-bind "^1.1.0"
    is-callable "^1.1.3"
    is-regex "^1.0.3"

es-to-primitive@^1.1.1:
  version "1.1.1"
  resolved "http://npm.office.crweb.it/es-to-primitive/-/es-to-primitive-1.1.1.tgz#45355248a88979034b6792e19bb81f2b7975dd0d"
  dependencies:
    is-callable "^1.1.1"
    is-date-object "^1.0.1"
    is-symbol "^1.0.1"

foreach@^2.0.5:
  version "2.0.5"
  resolved "http://npm.office.crweb.it/foreach/-/foreach-2.0.5.tgz#0bee005018aeb260d0a3af3ae658dd0136ec1b99"

function-bind@^1.0.2, function-bind@^1.1.0:
  version "1.1.0"
  resolved "http://npm.office.crweb.it/function-bind/-/function-bind-1.1.0.tgz#16176714c801798e4e8f2cf7f7529467bb4a5771"

has@^1.0.1:
  version "1.0.1"
  resolved "http://npm.office.crweb.it/has/-/has-1.0.1.tgz#8461733f538b0837c9361e39a9ab9e9704dc2f28"
  dependencies:
    function-bind "^1.0.2"

is-callable@^1.1.1, is-callable@^1.1.3:
  version "1.1.3"
  resolved "http://npm.office.crweb.it/is-callable/-/is-callable-1.1.3.tgz#86eb75392805ddc33af71c92a0eedf74ee7604b2"

is-date-object@^1.0.1:
  version "1.0.1"
  resolved "http://npm.office.crweb.it/is-date-object/-/is-date-object-1.0.1.tgz#9aa20eb6aeebbff77fbd33e74ca01b33581d3a16"

is-regex@^1.0.3:
  version "1.0.3"
  resolved "http://npm.office.crweb.it/is-regex/-/is-regex-1.0.3.tgz#0d55182bddf9f2fde278220aec3a75642c908637"

is-symbol@^1.0.1:
  version "1.0.1"
  resolved "http://npm.office.crweb.it/is-symbol/-/is-symbol-1.0.1.tgz#3cc59f00025194b6ab2e38dbae6689256b660572"

object-keys@^1.0.8:
  version "1.0.11"
  resolved "http://npm.office.crweb.it/object-keys/-/object-keys-1.0.11.tgz#c54601778ad560f1142ce0e01bcca8b56d13426d"

object.entries@^1.0.3:
  version "1.0.4"
  resolved "http://npm.office.crweb.it/object.entries/-/object.entries-1.0.4.tgz#1bf9a4dd2288f5b33f3a993d257661f05d161a5f"
  dependencies:
    define-properties "^1.1.2"
    es-abstract "^1.6.1"
    function-bind "^1.1.0"
    has "^1.0.1"

object.values@^1.0.3:
  version "1.0.4"
  resolved "http://npm.office.crweb.it/object.values/-/object.values-1.0.4.tgz#e524da09b4f66ff05df457546ec72ac99f13069a"
  dependencies:
    define-properties "^1.1.2"
    es-abstract "^1.6.1"
    function-bind "^1.1.0"
    has "^1.0.1"

SharpEdgeMarshall on 6 Dec 2016

$ rm -rf node_modules && rm yarn.lock && yarn cache clean && yarn && node index.js && rm -rf node_modules && rm yarn.lock && yarn cache clean && yarn --prod && node index.js
yarn cache v0.18.0
success Cleared cache.
✨  Done in 0.07s.
yarn install v0.18.0
info No lockfile found.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 0.93s.
yarn cache v0.18.0
success Cleared cache.
✨  Done in 0.07s.
yarn install v0.18.0
info No lockfile found.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 0.76s.
module.js:471
    throw err;
    ^

Error: Cannot find module 'object-keys'
    at Function.Module._resolveFilename (module.js:469:15)
    at Function.Module._load (module.js:417:25)
    at Module.require (module.js:497:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/Users/simbekkh/repos/ugh/node_modules/define-properties/index.js:3:12)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)

Lockfile:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


define-properties@^1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.2.tgz#83a73f2fea569898fb737193c8f873caf6d45c94"
  dependencies:
    foreach "^2.0.5"
    object-keys "^1.0.8"

entries-test@^1.0.1:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/entries-test/-/entries-test-1.0.2.tgz#f1039aba3a2effc9c3a56b6b1180694b2789e4d5"
  dependencies:
    object.entries "^1.0.3"

es-abstract@^1.6.1:
  version "1.6.1"
  resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.6.1.tgz#bb8a2064120abcf928a086ea3d9043114285ec99"
  dependencies:
    es-to-primitive "^1.1.1"
    function-bind "^1.1.0"
    is-callable "^1.1.3"
    is-regex "^1.0.3"

es-to-primitive@^1.1.1:
  version "1.1.1"
  resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.1.1.tgz#45355248a88979034b6792e19bb81f2b7975dd0d"
  dependencies:
    is-callable "^1.1.1"
    is-date-object "^1.0.1"
    is-symbol "^1.0.1"

foreach@^2.0.5:
  version "2.0.5"
  resolved "https://registry.yarnpkg.com/foreach/-/foreach-2.0.5.tgz#0bee005018aeb260d0a3af3ae658dd0136ec1b99"

function-bind@^1.0.2, function-bind@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.0.tgz#16176714c801798e4e8f2cf7f7529467bb4a5771"

has@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/has/-/has-1.0.1.tgz#8461733f538b0837c9361e39a9ab9e9704dc2f28"
  dependencies:
    function-bind "^1.0.2"

is-callable@^1.1.1, is-callable@^1.1.3:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.1.3.tgz#86eb75392805ddc33af71c92a0eedf74ee7604b2"

is-date-object@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.1.tgz#9aa20eb6aeebbff77fbd33e74ca01b33581d3a16"

is-regex@^1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.0.3.tgz#0d55182bddf9f2fde278220aec3a75642c908637"

is-symbol@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.1.tgz#3cc59f00025194b6ab2e38dbae6689256b660572"

object-keys@^1.0.8:
  version "1.0.11"
  resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.0.11.tgz#c54601778ad560f1142ce0e01bcca8b56d13426d"

object.entries@^1.0.3:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/object.entries/-/object.entries-1.0.4.tgz#1bf9a4dd2288f5b33f3a993d257661f05d161a5f"
  dependencies:
    define-properties "^1.1.2"
    es-abstract "^1.6.1"
    function-bind "^1.1.0"
    has "^1.0.1"

object.values@^1.0.3:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/object.values/-/object.values-1.0.4.tgz#e524da09b4f66ff05df457546ec72ac99f13069a"
  dependencies:
    define-properties "^1.1.2"
    es-abstract "^1.6.1"
    function-bind "^1.1.0"
    has "^1.0.1"

SimenB on 6 Dec 2016

@SimenB Thanks. It seems, my cache had problem. After clearing my cache now it's failing. But, with a different error. Give me some time to investigate.

torifat on 6 Dec 2016

👍1

Btw, I recommend using https://github.com/Mottie/Octopatcher in this thread

Very practical with many lines of output

I'll stop spamming now

SimenB on 6 Dec 2016

👍3

@SimenB Failing in v0.18.0 but can't reproduce in latest master.

UPDATE: Weird! It's failing again 😕

torifat on 6 Dec 2016

@torifat I can confirm that doesn't work with master (v0.19.0)
rm -rf node_modules && rm yarn.lock && ../yarn/bin/yarn cache clean && ../yarn/bin/yarn && node index.js && rm -rf node_modules && rm yarn.lock && ../yarn/bin/yarn cache clean && ../yarn/bin/yarn --prod && node index.js

yarn cache v0.19.0-0
success Cleared cache.
Done in 0.58s.
yarn install v0.19.0-0
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 10.18s.
yarn cache v0.19.0-0
success Cleared cache.
Done in 0.09s.
yarn install v0.19.0-0
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 4.26s.
module.js:457
    throw err;
    ^

Error: Cannot find module 'object-keys'
    at Function.Module._resolveFilename (module.js:455:15)
    at Function.Module._load (module.js:403:25)
    at Module.require (module.js:483:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/home/sharpedge/git/Utility/YarnBug/node_modules/define-properties/index.js:3:12)
    at Module._compile (module.js:556:32)
    at Object.Module._extensions..js (module.js:565:10)
    at Module.load (module.js:473:32)
    at tryModuleLoad (module.js:432:12)
    at Function.Module._load (module.js:424:3)

SharpEdgeMarshall on 6 Dec 2016

👍1

I have same problems (some packages do not installed with --production flag) with current stable 0.17.10:

curl -o- -L https://yarnpkg.com/install.sh | bash && ~/.yarn/bin/yarn install --production && rm -rf ~/.yarn

But when I try current nightly build Yarn 0.19.0-20161207.1241 all needed packages were installed correctly for my app:

wget https://yarnpkg.com/install.sh && chmod +x install.sh && ./install.sh --nightly && rm -f install.sh && ~/.yarn/bin/yarn install --production && rm -rf ~/.yarn

@SharpEdgeMarshall @SimenB can you try latest nightly build and confirm that problem persists.

Used in my docker containers: https://gist.github.com/nodkz/b843d65a3430a4f510e5f5eb0cc759d2

nodkz on 8 Dec 2016

@nodkz 18 is out and stable (I think?), but as can be seen in the post directly above yours, master (as of 2 days ago at least) still has the bug

SimenB on 8 Dec 2016

I think it still requires install yarn@rc:

'dist-tags': { rc: '0.18.0', latest: '0.17.10' },

jkrems on 8 Dec 2016

That's new then, I got 0.18 a few days ago by just install. Anyways, the bug is still reproducible in 0.18.

@nodkz Repro is:

{
  "dependencies": {
    "entries-test": "^1.0.1"
  },
  "devDependencies": {
    "object.values": "^1.0.3"
  }
}

SimenB on 8 Dec 2016

👍1

Yep, running into similar issues with our projects as well:

rm -rf package.json yarn.lock node_modules && npm init --yes && yarn add --dev nodemon && yarn add glob-stream && yarn --prod && node -p "require('glob-stream')"

Fails with both 0.18 and latest master branch.

jkrems on 8 Dec 2016

Agreed. Still able to repro with latest.

jasonreimer on 10 Dec 2016

I think my issue is similar or the same as this one. Build is failing on Heroku, but only for production environment. Caching is disabled.

Resolving node version ^7.2.1 via semver.io...
       Downloading and installing node 7.2.1...
       Using default npm version: 3.10.10
       Resolving yarn version (latest) via semver.io...
       Downloading and installing yarn (0.18.1)...
       Installed yarn 0.18.1
-----> Restoring cache
       Skipping cache restore (disabled by config)
-----> Building dependencies
       Installing node modules (yarn)
       yarn install v0.18.1
       [1/4] Resolving packages...
       [2/4] Fetching packages...
       warning [email protected]: The platform "linux" is incompatible with this module.
       info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
       [3/4] Linking dependencies...
       [4/4] Building fresh packages...
       error /tmp/build_0e4ff736ad0f25dc816a47543687fefc/bbb7b6e751dde291f65dea175f41a26862eef28f/node_modules/bcrypt: Command failed.
       Exit code: 1
       Command: sh
       Arguments: -c node-pre-gyp install --fallback-to-build
       Directory: /tmp/build_0e4ff736ad0f25dc816a47543687fefc/bbb7b6e751dde291f65dea175f41a26862eef28f/node_modules/bcrypt
       Output:
       module.js:472
       throw err;
       ^

       Error: Cannot find module 'abbrev'
       at Function.Module._resolveFilename (module.js:470:15)
       at Function.Module._load (module.js:418:25)
       at Module.require (module.js:498:17)
       at require (internal/module.js:20:19)
       at Object.<anonymous> (/tmp/build_0e4ff736ad0f25dc816a47543687fefc/bbb7b6e751dde291f65dea175f41a26862eef28f/node_modules/nopt/lib/nopt.js:10:14)
       at Module._compile (module.js:571:32)
       at Object.Module._extensions..js (module.js:580:10)
       at Module.load (module.js:488:32)
       at tryModuleLoad (module.js:447:12)
       at Function.Module._load (module.js:439:3)
       info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
-----> Build failed

adamreisnz on 18 Dec 2016

I also have this issue as well. I'm still using yarn install for production as of the moment since yarn install --production does not correctly install the right dependencies.

dashmug on 19 Dec 2016

I'm afraid i can't do that, as it's hardcoded to yarn install --production in the Heroku buildpack I think (ref https://github.com/heroku/heroku-buildpack-nodejs/issues/337)

adamreisnz on 19 Dec 2016

@adamreisnz Sorry, I was referring to the original issue not yours.

For a workaround of your issue, I suggest you put all devDependencies to dependencies for now until this issue is fixed.

dashmug on 19 Dec 2016

@dashmug Ah ok, no problem.

Anyway, I prefer using npm on Heroku for now until Yarn is more stable, rather than mucking around with hacky solutions. I've put yarn.lock in my .gitignore so it doesn't get uploaded to the repo/heroku. This way, I can still use Yarn locally, but it won't affect the builds on Heroku.

adamreisnz on 19 Dec 2016

@adamreisnz That defeats your purpose for using yarn, don't you think?

dashmug on 19 Dec 2016

@dashmug Not really, at least, not for us. I am not using it for locking package versions in place. We have very up-to-date dependencies and no issues around "works on my machine". My main reason for moving to yarn over npm was for the speed, which for complex apps with a lot of dependencies I saw going from 5 minutes for an npm install to 22 seconds with yarn.

As long as yarn is unstable, I can live with a slightly slower build process on Heroku, as long as I can use yarn locally for development and have fast installs :)

Yarn is advertised as being pretty much a drop-in replacement for npm. However, some of the issues we've encountered and that are still unresolved, like this one, prevent us from using it as such. Therefore I see it as an extra tool at present, which is useful for one thing, but not there yet for another. I have no doubt in time it will work great though :)

adamreisnz on 19 Dec 2016

👍1

This appears to be fixed for me in 0.18.1.

dy-dx on 19 Dec 2016

Heroku was using 0.18.1 at the time when it failed, so not fixed yet afaik.

adamreisnz on 19 Dec 2016

This issue's fixed for me on 0.18.1.

dashmug on 19 Dec 2016

My earlier repro is fixed with 0.18.1 🎉

I'll try tomorrow with a real app

SimenB on 20 Dec 2016

0.18.1 fixes my issues. I'm a happy camper 🎉

Fjandin on 20 Dec 2016

Tried 0.18.1 with a non-trivial app that was previously failing and it seems to work now! 🎉

jkrems on 20 Dec 2016

I guess I'll give it another go soon :)

adamreisnz on 20 Dec 2016

Sorry, still not working with 0.18.1;

-----> Node.js app detected
-----> Creating runtime environment

       NPM_CONFIG_LOGLEVEL=error
       NPM_CONFIG_PRODUCTION=true
       NODE_ENV=production
       NODE_MODULES_CACHE=true
-----> Installing binaries
       engines.node (package.json):  ^7.2.1
       engines.npm (package.json):   unspecified (use default)

       Resolving node version ^7.2.1 via semver.io...
       Downloading and installing node 7.2.1...
       Using default npm version: 3.10.10
       Resolving yarn version (latest) via semver.io...
       Downloading and installing yarn (0.18.1)...
       Installed yarn 0.18.1
-----> Restoring cache
       Loading 2 from cacheDirectories (default):
       - node_modules
       - bower_components (not cached - skipping)
-----> Building dependencies
       Installing node modules (yarn)
       yarn install v0.18.1
       [1/4] Resolving packages...
       [2/4] Fetching packages...
       warning [email protected]: The platform "linux" is incompatible with this module.
       info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
       [3/4] Linking dependencies...
       [4/4] Building fresh packages...
       error /tmp/build_c86802dccae94b3fb074d3b88f3f63f2/9512deeed23c0eca48d68fb2c8850a28f76692ea/node_modules/bcrypt: Command failed.
       Exit code: 1
       Command: sh
       Arguments: -c node-pre-gyp install --fallback-to-build
       Directory: /tmp/build_c86802dccae94b3fb074d3b88f3f63f2/9512deeed23c0eca48d68fb2c8850a28f76692ea/node_modules/bcrypt
       Output:
       module.js:472
       throw err;
       ^

       Error: Cannot find module 'abbrev'
       at Function.Module._resolveFilename (module.js:470:15)
       at Function.Module._load (module.js:418:25)
       at Module.require (module.js:498:17)
       at require (internal/module.js:20:19)
       at Object.<anonymous> (/tmp/build_c86802dccae94b3fb074d3b88f3f63f2/9512deeed23c0eca48d68fb2c8850a28f76692ea/node_modules/nopt/lib/nopt.js:10:14)
       at Module._compile (module.js:571:32)
       at Object.Module._extensions..js (module.js:580:10)
       at Module.load (module.js:488:32)
       at tryModuleLoad (module.js:447:12)
       at Function.Module._load (module.js:439:3)
       info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
-----> Build failed

       We're sorry this build is failing! You can troubleshoot common issues here:
       https://devcenter.heroku.com/articles/troubleshooting-node-deploys

       Some possible problems:

       - A module may be missing from 'dependencies' in package.json
       https://devcenter.heroku.com/articles/troubleshooting-node-deploys#ensure-you-aren-t-relying-on-untracked-dependencies

       - This module may be specified in 'devDependencies' instead of 'dependencies'
       https://devcenter.heroku.com/articles/nodejs-support#devdependencies

       Love,
       Heroku

 !     Push rejected, failed to compile Node.js app.
 !     Push failed

Setting NODE_MODULES_CACHE=false didn't help either.

Here is the dependency tree:

├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └── [email protected] 
├─┬ [email protected]
│ └─┬ @google-cloud/[email protected]
│   └─┬ @google-cloud/[email protected]
│     └─┬ [email protected]
│       └─┬ [email protected]
│         └─┬ [email protected]
│           └── [email protected] 
└─┬ [email protected]
  └── [email protected]

I think the problem is the deep dependency via google-cloud. That is a production module, and both bable-cli and instanbul are dev only.

Moreover, when I use yarn why abbrev, it fails to pick up the google-cloud and babel-cli parent dependents:

yarn why v0.18.1
[1/4] 🤔  Why do we have the module "abbrev"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
info Reasons this module exists
   - "istanbul" depends on it
   - "istanbul#nopt" depends on it

@jkrems, @SimenB Shall I raise a new issue for that or not?

adamreisnz on 20 Dec 2016

istanbul#nopt also looks wrong, in the why output.
I'm onnmy way to work now, will test in a real app then

SimenB on 20 Dec 2016

@SimenB thanks, let me know if you need more information, e.g. my entire package.json modules list.

Edit: actually here it is just in case, as I'm going to sleep now;

"dependencies": {
    "bcrypt": "^1.0.1",
    "bluebird": "^3.4.6",
    "body-parser": "^1.15.2",
    "chalk": "^1.1.3",
    "compression": "^1.6.2",
    "cookie-parser": "^1.4.3",
    "cors": "^2.8.1",
    "express": "^4.14.0",
    "glob": "^7.1.1",
    "google-cloud": "^0.45.1",
    "handlebars": "^4.0.6",
    "html-pdf": "^2.1.0",
    "http-as-promised": "^1.1.0",
    "meanie-express-error-handling": "git+https://github.com/meanie/express-error-handling#2.0.0",
    "meanie-express-github-service": "^2.0.2",
    "meanie-express-jwt-service": "^1.0.2",
    "meanie-express-raven-service": "^1.0.1",
    "meanie-mail-composer": "^1.2.0",
    "meanie-mongoose-only-id": "^1.0.1",
    "meanie-mongoose-set-properties": "^1.0.1",
    "meanie-mongoose-to-json": "^1.1.0",
    "meanie-multer-mime-types-filter": "^1.0.1",
    "meanie-passport-refresh-strategy": "^1.1.2",
    "moment": "^2.17.1",
    "mongoose": "^4.7.3",
    "morgan": "^1.7.0",
    "multer": "^1.1.0",
    "passport": "^0.3.2",
    "passport-http-bearer": "^1.0.1",
    "passport-local": "^1.0.0",
    "phantomjs-prebuilt": "2.1.14",
    "sendgrid": "^4.7.1",
    "sendgrid-mailer": "^1.0.7",
    "socket.io": "^1.7.2",
    "yargs": "^6.5.0"
  },
  "devDependencies": {
    "babel-cli": "^6.16.0",
    "babel-preset-es2015": "^6.18.0",
    "chai": "^3.5.0",
    "chai-as-promised": "^6.0.0",
    "dirty-chai": "^1.2.2",
    "eslint": "^3.12.1",
    "express-simulate-latency": "0.0.2",
    "istanbul": "^1.0.0-alpha.2",
    "mocha": "^3.2.0",
    "mocha-clean": "^1.0.0",
    "nodemon": "^1.11.0",
    "sinon": "^1.17.6",
    "sinon-as-promised": "^4.0.0",
    "sinon-mongoose": "^1.3.0"
  }

adamreisnz on 20 Dec 2016

This still fails for the app at work. Seems like Yarn's unable to follow deep paths. Here is npm ls entities after yarn --prod

$ npm ls entities
[email protected] /Users/simbekkh/repos/frontpage
└─┬ @finn-no/[email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          └─┬ [email protected]
            └── UNMET DEPENDENCY entities@~1.1.1

npm ERR! missing: entities@~1.1.1, required by [email protected]

Same as @adamreisnz, yarn why doesn't pick up the correct tree.

$ yarn why entities
yarn why v0.18.1
[1/4] 🤔  Why do we have the module "entities"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
info Reasons this module exists
   - "cheerio" depends on it
   - "cheerio#htmlparser2" depends on it
info Disk size without dependencies: "108kB"
info Disk size with unique dependencies: "108kB"
info Disk size with transitive dependencies: "108kB"
info Amount of shared dependencies: 0
✨  Done in 0.40s.

SimenB on 20 Dec 2016

istanbul#nopt also looks wrong, in the why output.

You're right, that seems likely to be the core of this problem. It seems to think that nopt is part of istanbul package, instead of google-cloud and/or babel-cli, and maybe that's why it's not installing it for production environments, because istanbul is not a prod dependency.

adamreisnz on 20 Dec 2016

Hey everyone, sorry that you are having this problem for quite a while now.
I'll assign this issue to myself and it is now a high priority, I'll try to fix it during the holidays.
Help and PRs with isolated breaking tests or a fix (ideally) are very much welcome.

bestander on 21 Dec 2016

👍24 ❤5

We have the same issue in prod env with the lib bl that is a dependency of gulp-imagemin's optional dependencies 😕

[~/Workspaces/my-project 12:05:33] NODE_ENV=production yarn
yarn install v0.18.1
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning algoliasearch > [email protected]: Just use Array.isArray directly
warning gulp-file > through2 > xtend > [email protected]:
warning raven > [email protected]: use uuid module instead
warning wiredep > bower-config > [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
warning chromedriver > [email protected]: this package has been reintegrated into npm and is now out of date with respect to npm
warning mversion > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning wiredep > glob > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning webdriverio > request > [email protected]: use uuid module instead
warning gulp > vinyl-fs > glob-watcher > gaze > globule > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning gulp > vinyl-fs > glob-watcher > gaze > globule > glob > [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
warning sprity-lwip > lwip > decree > [email protected]: This package is discontinued. Use lodash@^4.0.0.
[2/4] 🚚  Fetching packages...
warning [email protected]: The engine "ender" appears to be invalid.
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
[1/7] ⠂ fsevents: GET https://fsevents-binaries.s3-us-west-2.amazonaws.com/v1.0.15/fse-v1.0.15-node-v51-darwi
[2/7] ⠂ gifsicle
[3/7] ⠂ jpegtran-bin
[4/7] ⠂ optipng-bin
error /Users/fdubost/Workspaces/my-project/node_modules/gifsicle: Command failed.
Exit code: 1
Command: sh
Arguments: -c node lib/install.js
Directory: /Users/fdubost/Workspaces/my-project/node_modules/gifsicle
Output:
module.js:474
    throw err;
    ^

Error: Cannot find module 'bl'
    at Function.Module._resolveFilename (module.js:472:15)
    at Function.Module._load (module.js:420:25)
    at Module.require (module.js:500:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/Users/fdubost/Workspaces/my-project/node_modules/tar-stream/extract.js:2:10)
    at Module._compile (module.js:573:32)
    at Object.Module._extensions..js (module.js:582:10)
    at Module.load (module.js:490:32)
    at tryModuleLoad (module.js:449:12)
    at Function.Module._load (module.js:441:3)

Thanks for your help 😊

fdubost on 28 Dec 2016

It works if I manually add bl to our package.json...

fdubost on 28 Dec 2016

Any news on this?

nicka on 13 Jan 2017

👍3

Not yet, I am building an ad-hoc commonJS checker that verifies node_modules structure independent of Yarn's hoisting and resolution algorithms https://github.com/yarnpkg/yarn/pull/2419.
It would be able to catch all the cases described in this bug and guard us from future regressions.

@kittens is having a look at what is happening here.
The bug is not trivial, so any additional insight is welcome

bestander on 13 Jan 2017

👍7

All right, collecting all the repros now with the latest trunk.
The example in the first comment does not reproduce anymore and yarn check --verify-tree passes

bestander on 16 Jan 2017

👍1

This one does not reproduce too https://github.com/yarnpkg/yarn/issues/761#issuecomment-260975012 and https://github.com/yarnpkg/yarn/issues/761#issuecomment-265823529

bestander on 16 Jan 2017

Yeah, that repro was fixed with 0.18.1.

2 ideas:

Is there some log with the resolutions happening that I can share with you?

Additionally, I can give you the lockfile that reproduces it at work, but you won't be able to install it because of private deps. You might be able to mess around and skip the fetching of packages, and just mess about with the tree?

SimenB on 16 Jan 2017

@SimenB, so you you have another example where the resolution is broken for --production install?

For that case you can try:

yarn install --production --verbose
yarn check --production --verify-tree

With latest master branch.
If you don't want to send logs publicly, message me at [email protected]

bestander on 16 Jan 2017

Yeah, 0.18.1 was still broken, haven't tested 0.19 (or master). If it still reproduces (hope not!), I'll send you the logs privately

SimenB on 16 Jan 2017

Let's close this task because the title issue got solved.
There are 2 open ones that I haven't rechecked yet: #2263 and #2141 feel free to comment there or create a new one for your case and cc me.

2all: when you comment that installation is incorrect please include a package.json so that others could reproduce that.
Kudos to @jkrems for making a step further and submitting an awesome repro script: https://github.com/yarnpkg/yarn/issues/761#issuecomment-265823529

bestander on 16 Jan 2017

@bestander have you also re-checked https://github.com/yarnpkg/yarn/issues/761#issuecomment-268130124?

adamreisnz on 16 Jan 2017

@adamreisnz, can you share the package.json again please?

bestander on 16 Jan 2017

https://github.com/yarnpkg/yarn/issues/761#issuecomment-268130124 is a different issue.

That one fails for yarn install --production.

This issue is about yarn install --production finishing successfully but is not doing the right thing.

dashmug on 16 Jan 2017

@bestander I've shared it in the comment below that, https://github.com/yarnpkg/yarn/issues/761#issuecomment-268201708, cheers

adamreisnz on 16 Jan 2017

Still fails with master (c98df16b) for me...

yarn check --verify-tree throws though, that's promising. Lots of those are dev deps though.

yarn check v0.20.0-0
error "babel-preset-es2015" not installed
error "browserify-middleware" not installed
error "cheerio" not installed
error "codeceptjs" not installed
error "del-cli" not installed
error "eslint" not installed
error "eslint-config-finn" not installed
error "espower-loader" not installed
error "hashmark" not installed
error "interfake" not installed
error "nightmare" not installed
error "nightmare-upload" not installed
error "nock" not installed
error "nodemon" not installed
error "nyc" not installed
error "power-assert" not installed
error "sinon" not installed
error "supertest" not installed
error "uglifyify" not installed
error "@finn-no/express-base#nunjucks#chokidar#anymatch" not installed
error "@finn-no/express-base#unleash-client#request#json-stringify-safe" not installed
error "@finn-no/express-base#pretty-error#renderkid#css-select#domutils#dom-serializer#entities" not installed
error Found 22 errors.

Running the app, it fails on missing anymatch.

npm ls shows other missing deps, which makes more sense

npm ERR! extraneous: [email protected] /Users/simbekkh/repos/frontpage/node_modules/node-pre-gyp
npm ERR! missing: anymatch@^1.3.0, required by [email protected]
npm ERR! missing: entities@~1.1.1, required by [email protected]
npm ERR! missing: json-stringify-safe@~5.0.1, required by [email protected]

SimenB on 16 Jan 2017

And this was the observation/cause of the issue: https://github.com/yarnpkg/yarn/issues/761#issuecomment-268331340

You're right, that seems likely to be the core of this problem. It seems to think that nopt is part of istanbul package, instead of google-cloud and/or babel-cli, and maybe that's why it's not installing it for production environments, because istanbul is not a prod dependency.

adamreisnz on 16 Jan 2017

Oh, sorry, @SimenB

yarn check --prodution --verify-tree

I'll edit my comment

bestander on 16 Jan 2017

Doing yarn check --verify-tree --production gives a good output (it agrees with npm ls):

yarn check v0.20.0-0
error "@finn-no/express-base#nunjucks#chokidar#anymatch" not installed
error "@finn-no/express-base#unleash-client#request#json-stringify-safe" not installed
error "@finn-no/express-base#pretty-error#renderkid#css-select#domutils#dom-serializer#entities" not installed
error Found 3 errors.

@bestander I'll email you package.json, yarn.lock and the verbose install log 😄

SimenB on 16 Jan 2017

👍1

@dashmug do you want me to create a new ticket for that issue? It's still a problem of incorrect dependencies being installed (albeit just for production), so I think it's related to this ticket.

adamreisnz on 16 Jan 2017

@bestander Email sent.
While @finn-no/express-base is not publicly available, the other 3 packages in the output are, so hopefully you can reproduce with solely public packages.

Should I open a new issue?

SimenB on 16 Jan 2017

👍1

@adamreisnz, could you please create a new issue then?
I can reproduce it but it is a different issue from the title one

bestander on 16 Jan 2017

It is related. Probably the same cause. Just a different symptom. I would put that as a different issue since it's not exactly the same as what the title says.

dashmug on 16 Jan 2017

👍1

@SimenB, thanks, I'll have a look

bestander on 16 Jan 2017

Ok will do guys.

adamreisnz on 16 Jan 2017

@bestander Making a package wth just those 3 in the output that fails makes it reproducible on master for me with just public deps. It's not a minimal reproduce, but still

{
  "name": "app",
  "version": "1.0.0",
  "dependencies": {
    "brakes": "^2.5.1",
    "compression": "^1.6.2",
    "envalid": "^2.4.0",
    "express": "^4.14.0",
    "object.entries": "^1.0.4",
    "prom-client": "^7.0.0",
    "response-time": "^2.3.2",
    "spaden": "^7.13.1",
    "yarn-issue-repro-package": "^1.0.0"
  },
  "devDependencies": {
    "babel-preset-es2015": "^6.18.0",
    "browserify": "^13.1.1",
    "browserify-middleware": "^7.1.0",
    "cheerio": "^0.22.0",
    "codeceptjs": "^0.4.13",
    "del-cli": "^0.2.1",
    "eslint": "^3.12.2",
    "eslint-config-finn": "^1.0.1",
    "espower-loader": "^1.0.1",
    "hashmark": "^4.1.0",
    "interfake": "^1.19.0",
    "mocha": "^3.2.0",
    "nightmare": "^2.9.0",
    "nightmare-upload": "^0.1.1",
    "nock": "^9.0.2",
    "nodemon": "^1.11.0",
    "nyc": "^10.0.0",
    "power-assert": "^1.4.1",
    "sinon": "^1.17.6",
    "supertest": "^2.0.1",
    "uglify-js": "^2.7.5",
    "uglifyify": "^3.0.4"
  }
}

package.json of yarn-issue-repro-package

{
  "name": "yarn-issue-repro-package",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "nunjucks": "^2.5.2",
    "pretty-error": "^2.0.2",
    "unleash-client": "^1.0.0-beta.7"
  }
}

Interestingly, it produces 4 errors instead of 3...

$ yarn check v0.20.0-0                                                                                                   │├─ [email protected]
error "yarn-issue-repro-package#nunjucks#chokidar#anymatch" not installed                                              │└─ [email protected]
error "yarn-issue-repro-package#unleash-client#request#json-stringify-safe" not installed                              │✨  Done in 2.65s.
error "yarn-issue-repro-package#nunjucks#yargs#string-width#code-point-at" not installed                               │ ~/repos/yarn-issue-repro-package  vim package.json
error "yarn-issue-repro-package#pretty-error#renderkid#css-select#domutils#dom-serializer#entities" not installed      │ ~/repos/yarn-issue-repro-package  npm publish
error Found 4 errors.

SimenB on 16 Jan 2017

I'm not sure is this the same issue or not, but here is the output (tested with 0.19.1)

havenchyk on 17 Jan 2017

I think I have found the root cause for the installation issue.
The failure to install a package can be reproduced by the following package.json:

{ "dependencies": {
    "bcrypt": "^1.0.1",
    "gamepad": "1.4.2"
  },
  "devDependencies": {
     "istanbul": "^1.0.0-alpha.2"
  }
}

And then the commands

rm -rf node_modules yarn.lock
yarn install
rm -rf node_modules
yarn install --production
npm ls abbrev

In this configuration, abbrev is not installed.

abbrev is used by istanbul and by nopt (as can be seen from yarn why abbrev). nopt is used by istanbul and node-pre-gyp (which is used by bcrypt and gamepad).

When deduping abbrev in the package hoister, the following code is used to determine the new isIgnored function of the hoisting record:

          // switch to non ignored if earlier deduped version was ignored
          if (existing.isIgnored() && !info.isIgnored()) {
            existing.isIgnored = info.isIgnored;
          }

abbrev is one of the first hoisting records to be processed. At that moment, the existing record is istanbul#abbrev (ignored because istanbul is ignored), and the duplicate record is istanbul#nopt#abbrev, which is also ignored at the time for the same reason.

Because both records are ignored at the time, the ignore function isn't adjusted as it was supposed to - because nopt will become non-ignored in a later dedup because of the dependency by node-pre-gyp. The ignore status of both records can change at any time, so the new ignore function should mix them.

And indeed, the installation problem goes away when we replace those lines with

          // switch to non ignored if earlier deduped version was ignored
          if (existing.isIgnored()) {
            if (info.isIgnored()) {
              // both are ignored now, but any one could become non ignored later on.
              let oldIsIgnored = existing.isIgnored;
              existing.isIgnored = () => oldIsIgnored() && info.isIgnored();
            } else {
              existing.isIgnored = info.isIgnored;
            }
          }

blexrob on 17 Jan 2017

👍7 ❤5

@blexrob, great find!
Would you send a PR?
There is a disabled test for "should not lose dependencies when installing with --production" in integration.js that should be fixed now

bestander on 17 Jan 2017

@bestander, just tested it, and this fix causes a stack overflow in the test you mentioned, so it can't be applied. The following cycle pops up:

d#es5-ext -> es6-symbol#es5-ext -> es6-set#es5-ext -> es6-iterator#es5-ext -> es6-map#es5-ext -> es5-ext#es6-iterator -> es6-set#es6-iterator -> es6-weak-map#es6-iterator -> event-emitter#es5-ext -> d#es5-ext

So, the naive recursive call approach is out...

blexrob on 17 Jan 2017

Yeah, I believe it needs a bit tweaking but the idea seems correct

bestander on 18 Jan 2017

I have such a problem with phantomjs-prebuilt module (as dependence of dependence) with yarn 0.27.5-1.
So now I do dummy yarn add phantomjs-prebuilt, before yarn install --production.

Dzenly on 13 Jul 2017

I regret to say that this still seems to be a problem in Yarn 1.3.2.
My builds on Netlify are failing when I use Yarn 1.3.2 but succeeding with Yarn 0.18.2.
The build errors with a cannot find module 'are-we-there-yet' and only with production flag.

adamreisnz on 2 Jan 2018

@adamreisnz, this thread is too big to track all issues.
Could you raise a new one with repro script?

bestander on 3 Jan 2018

@bestander done, thanks.

adamreisnz on 3 Jan 2018

❤1

For someone who still can't get it work and doesn't want to install jq can use

$ python -c "import json; p = json.loads(open('package.json').read()); del p['devDependencies']; open('package.json', 'w').write(json.dumps(p, indent=2));"

olastor on 24 Aug 2018

👍1

i am on yarn 1.17.3 and node v10.16.2 in lerna monorepo. still facing same issue.

hannadrehman on 21 Aug 2019

👍4

I can confirm it too.
I have a lot of dependencies, but when I use yarn install --production, only two modules are installed.
Notable though, I am on a Lerna monorepo similar to @hannadrehman with Yarn workspaces, which may explain the extreme behavior.

Yarn version: 1.22.0
Node: v12.16.1

npm install --production works perfectly though.

@hannadrehman is the project in question a package of your monorepo?

TAnas0 on 5 Mar 2020

Same problem as @TAnas0

nolazybits on 31 Mar 2020

👍1

Yarn: `yarn install --production` doesn't install correct dependencies

Most helpful comment

All 115 comments

I'm doing some tests with 0.18.0

Related issues