Yarn: Respect save-exact option from .npmrc in project directory

Created on 15 Oct 2016 · 17Comments · Source: yarnpkg/yarn

Do you want to request a _feature_ or report a _bug_?
Not sure if this is a bug or feature request

What is the current behavior?

save-exact = true from .npmrc file is not respected,
~~(workaround) setting save-prefix to '' (empty string) results in adding undefined<pkg.version> to package.json file when running yarn add <package> due to empty string being a false value,~~

If the current behavior is a bug, please provide the steps to reproduce.

create .npmrc file in project directory, add save-exact = true line to it,
~~(workaround) and/or: run yarn config set save-prefix ''~~

What is the expected behavior?
The same as calling yarn add with the --exact flag. All packages should be saved as an exact version.

Please mention your node.js, yarn and operating system version.
yarn 0.15.1
node 6.8.1
macOS 10.12

cat-bug triaged

Source

jsynowiec

👍26

Most helpful comment

I'm liking the workaround solution, but I don't see the need for yarn to reinvent the wheel here. If yarn is supposed to exist as an interface on top of existing package.json and .npmrc files, then the .npmrc file should act as the single source of truth.

petermikitsh on 6 Feb 2017

👍32

All 17 comments

@jsynowiec

Hopefully I take your descriptions right, my steps are:

Add save-exact = true into .npmrc in the project's root directory.
Run yarn config set save-prefix ''.
Run yarn add [email protected].

Now webpack 1.13.2 is installed, exactly the same version.

I don't know which package you were installing, but maybe you came across this issue because the nature of yarn add as described in docs

yarn add [email protected] would accept version 1.9.1

Also, this might be fixed already.

So please tried again and update this issue, or correct me if I made some mistakes on reproducing the bug :-)

WYSIATI on 18 Oct 2016

Run yarn add [email protected].
Don't specify the package version.

IMHO the desired behaviour of save-exact = true in .npmrc is that whenever npm i (or hopefully yarn add) is run, the latest version of package is added exactly to package.json file, without the ~ or ^ prefix.

jsynowiec on 18 Oct 2016

👍12

The possible bug with workaround is was at registries/yarn-registry.js#L58 because an empty string '', "" (also 0) is a falsy value.

Workaround ~~should be~~ is now fixed https://github.com/yarnpkg/yarn/pull/1024 by @TAGraves . Glad I've checked because I was in the middle of fixing this myself 😉

jsynowiec on 18 Oct 2016

yeah, I saw this change, and now, the version is prefixed with undefined.

WYSIATI on 18 Oct 2016

I've just verified and the workaround works on master. .npmrc is still not respected but setting save-prefix to an empty string results in adding a package without the caret or tilde prefix.

jsynowiec on 18 Oct 2016

Is this the same issue as Yarn not respecting save-prefix = '' in a project-local .npmrc? Or should I open a separate issue for that?

taoeffect on 28 Nov 2016

I'd like to be able to rely on the original .npmrc's save-exact=true setting for Yarn as well as npm. I have an open-source project that uses Yarn in our hosted application but ideally does not require users to install it for local use.

louh on 6 Dec 2016

hey guys, defining:

# .yarnrc
save-prefix false

works the way we expect, but, unfortunately, you'll need different configurations from .npmrc

yarn add redux

# package.json
"redux": "3.6.0"

oieduardorabelo on 23 Dec 2016

👍13

That works just fine for me, thanks!

louh on 23 Dec 2016

@oieduardorabelo it works for me, but I can't find any documents about .yarnrc config, do you know where can I find it?

dawncold on 13 Jan 2017

hey @dawncold , I saw it in the /src/cli/commands/add.js#L74

https://github.com/yarnpkg/yarn/blob/6e7d396451ed7622a92f4a25d9370e5724c54635/src/cli/commands/add.js#L74

the default ^, my guess, is coming from the function this.config.getOption:

https://github.com/yarnpkg/yarn/blob/05bf97728cbe92f034f7d4596830f481a65fe8fa/src/registries/yarn-registry.js#L25

in my local tests, export const DEFAULTS = { ... } can be overwritten using .yarnrc

oieduardorabelo on 13 Jan 2017

petermikitsh on 6 Feb 2017

👍32

With the bloat of tools that pop up every day, it's really frustrating to configure every little bit, especially if you already configured it for npm.

I use save-exact because many projects don't follow proper semver and break things in minor versions (or even patch versions), and after spending many hours debugging why "it works on my machine but not in production/test/staging" that's the only sane solution.
Until of course someone adds a property to package.json indicating the project follows proper semver and then we could somehow automatically allow for ^ updates (interesting idea).

So... after mentally being in peace for a couple of years now using save-exact, I was surprised to see yarn add <package> not respecting the setting.

alexilyaev on 11 Jun 2017

👍1

so save-exact set to true in npm means the same thing as false in yarn.

perfect.

Pyrolistical on 13 Jul 2017

😄11

I think this can be closed, from v1.1.0 Yarn respects save-exact = true in .npmrc and does not add any prefix on yarn add package-name

Ref: https://github.com/yarnpkg/yarn/pull/4471

alexilyaev on 1 Oct 2017

👍6 ❤2 🎉2 😄1

Small question, with tools like https://renovateapp.com/ I am used to pin only dev dependencies, and use ^ for deps. Is that feasible using yarn? (specifying prefix for dev or dep)

vvo on 2 Oct 2017

👀1

@vvo AFAIK yarn doesn't have anything like this. You can sketch up an RFC if you are feeling strongly but I have doubts about usefulness of such a feature for many people.