Yarn: Yarn is resolving modules versions incorrectly

This is correct behavior. vue-lazyload is tagging its prereleases incorrectly -- it should be naming them e.g. 1.0.0-rc.12 (with a period) to follow the semver spec for prereleases. Otherwise, versions are sorted lexicographically. You might want to file an issue with vue-lazyload to get this fixed on their side.

This is correct behaviour. 1.0.0-rc12 is older than 1.0.0-rc9 according to semver, as @billyjanitsch mentioned.

I agree that the tagging is not inline with the spec; however I think a lot of packages are numbered in this way and this behaviour differs from that of npm which does see -alpha10 as being newer than -alpha9.

In the interests of compatibility, would it be worth revisiting this issue?

:+1: I second the idea of re-opening the ticket. While enforcing the spec is a great idea, yarn is aiming for painless compatibility with npm and a package published via npm which works fine when installed via npm should also be fine on yarn -- regardless of if it follows the semver spec precisely or not.

I'm guessing this is a use-case npm noticed in too many packages and then just threw it in there to handle that case.

I think people should start follow the spec for tagging, but I agreed with you @benjie. A lot of packages are numbered in this way. Some people update the package accordingly (vue-lazyload is an example), but some tend to ignore.
It would be great to have this type of compatibility.

I wonder if we can have the tools npm and yarn warn users when they publish non-spec-compliant version numbers?

@benjie Unless this has changed within the past few months, npm behaves identically to yarn: it sorts lexicographically, e.g. alpha10 before alpha9.

I wonder if we can have the tools npm and yarn warn users when they publish non-spec-compliant version numbers?

The tricky thing is that these version numbers are spec-compliant. The dot-separated pieces of the prerelease version are just alphanumeric strings. My understanding is that pieces are compared as numbers if they're entirely numeric, otherwise they're compared as strings. I could make a version 1.0.0-daniel15 and the 15 would have no semantic meaning.

this behaviour differs from that of npm which does see -alpha10 as being newer than -alpha9.

Does npm behave like that? The npm semver calculator site says that ^1.0.0-rc12 matches 1.0.0-rc9 for vue-lazyload:

In practices, yes npm does behave like that.

Here's an example installing in a new empty directory:

$ npm install graphql-build@^0.0.1-alpha10

[...]

+ [email protected]
added 8 packages in 4.265s

There is [email protected] available which would be treated as newer than both [email protected] and [email protected] according to the semver spec, I think.

I believe it's the same as https://github.com/yarnpkg/yarn/issues/3560. @bestander suggested that we reuse the code here https://github.com/yarnpkg/yarn/blob/master/src/util/semver.js. I think if we use this to replace https://github.com/yarnpkg/yarn/blob/master/src/package-constraint-resolver.js#L26 it may work with preleases. Also the selective resolution feature I'm working on may also help?

sounds right, @kaylieEB