Yarn: Installing node modules without a version

Created on 17 Dec 2017 · 7Comments · Source: yarnpkg/yarn

Do you want to request a feature or report a bug?
bug

What is the current behavior?
Currently if I install a private module, via git/github, the next time yarn.lock is regenerated it will set the version to an empty string e.g.:

thing@semver:
  version ""

If the current behavior is a bug, please provide the steps to reproduce.

sh-3.2$ ls
node_modules    package.json
sh-3.2$ cat package.json
{
  "dependencies": {
    "@test/test": "antoligy/private-npm-package"
  }
}

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
info No lockfile found.
warning No license field
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 2.38s.

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
warning No license field
[1/4] 🔍  Resolving packages...
error Package "@test/test@" doesn't have a "version".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
sh-3.2$

What is the expected behavior?
It should resolve to a version of 0.0.0 (as happens on initial install), allowing for the private module to continue to be resolved. This is for continuity and especially useful with migration away from bower to yarn via bower-away.

Please mention your node.js, yarn and operating system version.

macOS High Sierra

$ yarn -v
1.3.2
$ node -v
v8.9.1

cat-bug good first issue help wanted

Source

alexwilson

👍2

Most helpful comment

It looks like with this https://github.com/yarnpkg/yarn/pull/5318 installation will start to fail. It seems to me it would be better to show a warning and then use 0.0.0 as the version. There are hundreds of dependencies (mostly polymer components) that do not have a version field. Yes, it is a required part of the spec, but breaking existing workflows doesn't seem like a good idea. Yarn works fine and uses a version of 0.0.0 when there is no package.json.

yrral86 on 23 Feb 2018

👍3

All 7 comments

As a workaround I assume you can just set a version in your package.json file (or copy/paste it from bower.json to package.json if moving from Bower).

rally25rs on 17 Dec 2017

Yeah! For the meantime, I've been doing that and it's working okay (sorry I didn't put anything to that effect in the description!).

I've submitted a few PRs to repositories where this is the case (as it is a required property in the package.json spec) however there are no guarantees that they'll all get addressed. On reflection, this issue is _super_ esoteric as it should only really affects bower components using package.json to manage their dev tooling!

alexwilson on 17 Dec 2017

yrral86 on 23 Feb 2018

👍3

Any updates on this?

Lesha-spr on 18 Oct 2018

Is there any update/workaround for this?

lbayerl on 4 Mar 2019

no update. As this is an open source project, anyone can pick it up and make a PR to fix this issue. I thought there used to be come somewhere in yarn that would set a missing version to 0.0.0 but maybe it was changed at some point.

rally25rs on 4 Mar 2019