The docs currently say:
* yarn check
Verifies that versions of the package dependencies in the current project’s
`package.json` matches that of yarn’s lock file.
* yarn check --integrity
Verifies that versions and hashed value of the package contents in the project’s
`package.json` matches that of yarn’s lock file. This helps to verify that the package
dependencies have not been altered.
To me, that means --integrity is a complete superset of the former.
However:
(a) yarn check takes longer to run than yarn check --integrity rather than the other way around (2.5s vs 6.5s for my current project)
(b) the source shows that there are actually two completely different checks, rather than a mode that enables greater/fewer checks.
It seems like I'm not the only one who found this confusing:
https://github.com/yarnpkg/yarn/issues/674#issuecomment-256943788
...and that comment makes me wonder if the docs have a typo, and that for the non-integrity mode, the docs meant to say node_modules rather than package.json?
Many thanks!
Also under yarn 0.21.3 at least, yarn check --help has no description for the --integrity and --verify-tree flags.
Perhaps we can fill in the gaps in discussion here?
yarn check - checks versions listed in package.json against versions resolved in .yarn.cache (???)
yarn check --verify-tree - ???
yarn check --integrity - checks if `node_modules/.yarn-integrity` matches what a successful `yarn install` would generate - https://github.com/yarnpkg/yarn/issues/674#issuecomment-256943788
(Although I really just want to know how to tell if yarn install needs to be run or not...)
Relatedly, there are grammar errors in the current descriptions of yarn check that make them hard to understand.
Verifies that versions of the package dependencies in the current project's
`package.json` matches that of yarn's lock file.
“that of” should be “those of”. Or we could write it out again and say “matches the versions in yarn’s lock file”.
Verifies that versions and hashed value of the package contents in the project's
`package.json` matches that of yarn's lock file.
“those of” is needed again. But there is another confusing part: “hashed value”. It should be changed to either “the hashed value” (of all packages’ contents) or “hashed values” (of each package’s contents), but it’s not clear which is correct. Even if one of those phrases were chosen, I still wouldn’t really understand exactly what files are hashed.
I've read the source code in order to document --verify-tree here: https://github.com/yarnpkg/website/pull/836
@gnarea Thank you for taking the time to read the code and update the documentation!
But after reading the new documentation I'm still confused why yarn check takes much longer than yarn check --integrity. Do you have any clue?
"yarn check" (without switches) uses a third algorithm, which I didn't
spend much time looking into at the time. All I remember at this point is
that it does a lot more than --integrity or --verify-tree.
On Wed, 20 Jun 2018, 18:10 Markus Zapke-Gründemann <[email protected]> wrote:
@gnarea https://github.com/gnarea Thank you for taking the time to read
the code and update the documentation!
But after reading the new documentation I'm still confused why yarn check
takes much longer than yarn check --integrity. Do you have any clue?