Yarn: 'yarn install --production' does not install transitive dependencies if listed as devDependencies in the project
Do you want to request a feature or report a bug?
Report a bug
What is the current behavior?
In a project A with a dependency on B and B having a dependency on C, yarn install --production wont install C if C is listed as a devDependency of A. npm does.
If the current behavior is a bug, please provide the steps to reproduce.
- Create a project with:
{
"name": "test",
"version": "1.0.0",
"dependencies": {
"sequelize-cli": "^2.5.1"
},
"devDependencies": {
"gulp": "^3.9.1"
}
}
(note that sequelize-cli has a dependency on gulp:
{
"dependencies": {
"gulp": "^3.9.1",
}
}
Run
yarn install --productionTry to find
gulp:ls node_modules/gulpreturns nothing.
However, if the package is
{
"name": "test",
"version": "1.0.0",
"dependencies": {
"sequelize-cli": "^2.5.1"
}
}
yarn install --production will install gulp
What is the expected behavior?
Transitives production dependencies are always installed, even if the project declares them as devDependencies.
Please mention your node.js, yarn and operating system version.
- node 7.3.0
- yarn 0.21.3
- OSX 10.12.3 (Sierra)
scinos
All 20 comments
Is #761 back again?
SimenB
on 2 Mar 2017
Just hit this with yarn 0.21.3. I have a logger package (B) that depends on bunyan (C), but bunyan is a devDependency of the main package (A).
razor-x
on 6 Mar 2017
Also running 0.21.3 and hitting the same issue as @razor-x
mapsam
on 7 Mar 2017
Same issue here, this just screwed a production build, not good.
patrickd-
on 8 Mar 2017
Same here using --production: main package (A) requires redis-mpool (B) which has redis (C) as dependency and main package (A) also defines redis (C) as devDependency.
dgaubert
on 8 Mar 2017
Same here 😖 with latest 0.21.3 installing a lot of devDependecies...
Jolg42
on 10 Mar 2017
Does yarn check --verify-tree report errors?
SimenB
on 10 Mar 2017
@SimenB indeed it does! With the example package.json provided by @scinos above:
yarn check v0.20.3
error "sequelize-cli#gulp" not installed
error "gulp" not installed
error Found 2 errors.
This is still present in yarn 0.22.0.
Quick one-liner based on OP: yarn init -y && yarn add sequelize-cli && yarn add gulp --dev && yarn --prod && yarn check --verify-tree --prod still gives
yarn check v0.22.0
error "sequelize-cli#gulp" not installed
error Found 1 errors.
@bestander Could you please check this? There's also an open PR for this, I haven't tested it though #2921
The fact that I can't trust --prod erodes my trust in yarn, which is a shame, cuz it's really awesome in so many ways. For now we still install dev dependencies to production to avoid this, which bloats up the image, and slows down the link part of install into a docker container.
EDIT: I tested with 0.23.0, and it actually prints a warning during yarn --prod (#3025). It still fails the check, though.
yarn install v0.23.0
[1/4] Resolving packages...
warning Integrity check: Patterns don't match
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
Done in 2.69s.
Should the yarn --prod command fail at that point?
SimenB
on 7 Apr 2017
Yeah, looks like the bug is present there.
warning Integrity check: Patterns don't match means that quick integrity check does not pass and install should proceed.
I'll investigate now.
bestander
on 7 Apr 2017
Apparently the logic here is incorrect https://github.com/yarnpkg/yarn/blob/master/src/package-hoister.js#L147 and does not factor top level devDependencies.
Anyone wants to dig deeper and send a PR?
bestander
on 7 Apr 2017
@bestander - already did that, see #2921
blexrob
on 7 Apr 2017
Awesome, thanks, @blexrob, sorry for missing this.
bestander
on 7 Apr 2017
Just a comment from my point of view, regarding this warning message (as a response to @bestander's comment):
warning Integrity check: Patterns don't match
When I see this after running a yarn install command, I begin to worry that there is either a yarn bug or an issue with one of our yarn files (such as yarn.lock). But rather, hearing that this message signifies a normal use case for yarn (in this case, I am running yarn install because I have not yet installed packages due to a recent yarn.lock or package.json change) is a little confusing. I would expect to receive silent output or non-warning output in the case of an expected use case.
If there is a better medium to provide this feedback (new Github issue?), then please let me know.
ecbrodie
on 2 May 2017
@ecbrodie That's fixed in #3248
SimenB
on 2 May 2017
@SimenB excellent, thanks for letting me know. Which yarn version will this be released in?
ecbrodie
on 2 May 2017
No idea 😄
SimenB
on 2 May 2017
It is in master branch right now
So will be released in next branch cut, i.e. 0.24 this Thursday
bestander
on 2 May 2017
I just experienced this issue again using v0.24.5. Has there been a regression?
artlogic
on 19 May 2017
Please open a new issue with repro steps
On Fri, 19 May 2017 at 05:43, James Kruth notifications@github.com wrote:
I just experienced this issue again using v0.24.5. Has there been a
regression?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/2819#issuecomment-302607063, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACBdWFGRWr4mfPbySPNiK3W3wcOxc9-Jks5r7R30gaJpZM4MQdaC
.
bestander
on 19 May 2017
Related issues
NonPolynomial
·
3Comments
FLGMwt
·
3Comments
Ambroos
·
3Comments
chiedo
·
3Comments
sanex3339
·
3Comments