Yarn: An unexpected error occurred: "Commit hash required".
I've got a project, that has been running fine for months, where suddenly adding/installing eth-lightwallet fails during fetching packages with An unexpected error occurred: "Commit hash required".
Suddenly is defined as between March 21st, 9:51AM CET - March 22nd, 5:30PM CET with a commit that did not touch the package.json or lock files (just a css and html fix)
I've tried:
- changing node version 7.7.4 and 7.7.1 (on 7.7.1 it worked before without question)
- removing all caches, npm_modules, lockfiles
- it fails both on a linux (alpine and debian) ci docker image, and on OSX
- created a new project and added it. this worked, so it's my dependency set that breaks it
- it appears to be related to bignumber.js in the dependencies, so tried a lot of different formats in https://github.com/roderik/eth-lightwallet.git
- added
if (!commit) console.log(_this2)to my git-fetcher.js line 113 and installed usingyarn add https://github.com/roderik/eth-lightwallet.git --verbose --network-concurrency 1 --forceResult: https://gist.github.com/roderik/f5ff6abfcdcdb364f2a5327016317de0 and the error log, but this does not show a reason for the commit hash to be empty - it installs fine with npm, so it's my dependencies + yarn
I'm stumped and reverted to yarn install || npm i on my ci, but this is not really the way it's supposed to be.
roderik
All 24 comments
Seeing this as well. Can't seem to get out of it either.
grydstedt
on 24 Mar 2017
try regenerating your yarn.lock file? the resolved link has been changed for external dependencies -
i had a dependency that looks like
"leaflet.markercluster": "Leaflet/Leaflet.markercluster#leaflet-0.7"
and it originally resolves to
resolved "https://codeload.github.com/Leaflet/Leaflet.markercluster/tar.gz/232e93ccbe5b70241913f47a4d1a8ceec8c88c30" which the git-fetcher fails to extra commit hash from
i changed the dependency to
"leaflet.markercluster": "git://github.com/Leaflet/Leaflet.markercluster#leaflet-0.7"
and it then resolves to
resolved "git://github.com/Leaflet/Leaflet.markercluster#232e93ccbe5b70241913f47a4d1a8ceec8c88c30"
this only fails for me when:
- there's linked dependency - project depends on A and B, and A depends on B, and
- using
yarn install --pure-lockfile(yarn installworks)
sixinli
on 29 Mar 2017
Seeing this error as well.
My yarn-error.log: https://gist.github.com/s3ththompson/39bf7d98faeef3811d8a5bc747427b74
s3ththompson
on 2 Apr 2017
Same here - I'm also seeing some duplicate entries from nested dependencies unless I use the git://github.com format.
kaicataldo
on 3 Apr 2017
I haven't tracked down an exact repro yet, but I was running into issues installing "inline-styles": "^1.0.0" (inline-styles) which in turn has a dependency on cheerio of the form git://github.com/cheeriojs/cheerio. I believe the cheerio dependency was what was breaking...
s3ththompson
on 4 Apr 2017
I am having same issue
yarn-error.txt
smitt04
on 11 Apr 2017
Same issue as well
We are using "next" in pkg.json for "uport-connect" possibly the issue?
yarn-error.txt
jeffscottward
on 14 Apr 2017
Found out this problem has to do with `git, especially when the dependency was resolving to a git url with out a commit hash as the version. It makes since as there is no way to lock down the version when you are just loading what ever is in master. Removing all git dependencies resolved this issue for me.
smitt04
on 14 Apr 2017
@smitt04 Glad you found a workaround. Not an option for us, unfortunately :(
kaicataldo
on 14 Apr 2017
@smitt04 @kaicataldo I don't follow that there is no way to lock down a version when you are loading from master... it seems as though the yarn.lock should track the commit hash that matches HEAD at the time the git dependency is installed.
s3ththompson
on 14 Apr 2017
Removing all git dependencies resolved this issue for me.
@smitt04
What exactly does this mean? As in stuff that doesn't exist on NPM? Some sort of git tooling?
jeffscottward
on 17 Apr 2017
@roderik, can you share a yarn.lock + package.json that reproduce the issue?
The trick with git dependencies is that sometimes hash can be a commit hash and other times it can be a sha1 hash.
bestander
on 17 Apr 2017
@jeffscottward what i meant was that any npm packages in my package.json file that referenced by a git url i switched to use the npm version and it fixed the issues i was having.
smitt04
on 17 Apr 2017
@bestander everything is in https://gist.github.com/roderik/f5ff6abfcdcdb364f2a5327016317de0
roderik
on 17 Apr 2017
Seeing this as well even after a yarn cache clean and removal of the node_modules folder
jeremyong
on 17 Apr 2017
I am having the issue too. Downgrading to an older version seems to solve it for me on Heroku. Maybe the following dependency in my package.json causes trouble: "autofill-event": "weyert/autofill-event",
weyert
on 17 Apr 2017
I just started seeing this on Heroku today as well, with version 0.22.0 of yarn. Changing to version 0.23.2 fixed it.
Change the version on Heroku by adding to package.json:
{
"engines": {
"yarn": "0.23.2"
}
}
levity
on 17 Apr 2017
Yay! Thanks @levity! Adding
{
"engines": {
"yarn": "0.23.2"
}
}
to my package.json on BitBucket did the trick!
Actually, it's weird because my bitbucket docker container already has 0.23.2.
matrunchyk
on 18 Apr 2017
I thought 23.2 fixed this issue for a little while, but I ran into it again trying to remove a dependency from yarn.lock.
s3ththompson
on 25 Apr 2017
Also seeing an error when managing the eth-lightwallet dependency with Yarn. After installing the dependency, subsequent yarn commands (add, install) fail with this error:
An unexpected error occurred: "ENOENT: no such file or directory, open '/Users/luke/Library/Caches/Yarn/v1/npm-bignumber.js-2.0.7-c4840fe42268643818b2730ebedb0eec7271ee42/.yarn-metadata.json
Running yarn cache clean and removing node_modules and the yarn.lock file resolves the issue but re-running yarn install will cause the issue to resurface.
Looks like eth-lightwallet actually depends on a particular commit of a fork of bignumber.js - @bestander guess this could be the culprit?
Seems that if I install a new dependency, Yarn always tries to install bignumber.js again:
โ yarn add react-motion
yarn add v0.23.2
[1/4] ๐ Resolving packages...
[2/4] ๐ Fetching packages...
[3/4] ๐ Linking dependencies...
[4/4] ๐ Building fresh packages...
success Saved lockfile.
success Saved 5 new dependencies.
โโ [email protected]
โโ [email protected]
โโ [email protected]
โโ [email protected]
โโ [email protected]
โจ Done in 10.62s.
lukehedger
on 26 Apr 2017
Thanks for more data.
We are tracking a set of issues related to git hosted dependencies, apparently there are many edge cases to consider.
We'll sort it out soon.
bestander
on 8 May 2017
Is this still an issue? Can someone try with a recent version of Yarn?
BYK
on 27 Oct 2017
@BYK I'm still seeing this issue :/
edit: I'm not seeing this issue -- I had a bad https setup (invalid token), but the error message shows "Commit Hash Required"
rymndhng
on 9 Nov 2017
I was having the same issue, what solved for me was change the import on package.json
from: "react-common": "git+https://github.com/vizinhanca/react-common.git#master"
to: "react-common": "git+ssh://[email protected]/vizinhanca/react-common.git#master",
hugodutra-zz
on 29 Mar 2018
Related issues
torifat
ยท
3Comments
MunifTanjim
ยท
3Comments
seansfkelley
ยท
3Comments
esphen
ยท
3Comments
sebmck
ยท
3Comments
Most helpful comment
Thanks for more data.
We are tracking a set of issues related to git hosted dependencies, apparently there are many edge cases to consider.
We'll sort it out soon.