Yarn: Yarn installs package without version and creates breaking error
Do you want to request a feature or report a bug?
Reporting a bug
What is the current behavior?
If I run this
$ yarn add github:Studio-42/elFinder
It will successfully install the package, but it will add this to the lockfile:
"elFinder@github:Studio-42/elFinder":
version ""
resolved "https://codeload.github.com/Studio-42/elFinder/tar.gz/12383f05a30d61bf3ead4f94dbfe0a3a3073bfa9"
This is because the package.json file in the GitHub repo is missing the version field.
Next, I'll run this
$ yarn add some-other-package
And get this error:
yarn add v1.3.2
[1/4] Resolving packages...
error Package "elFinder@" doesn't have a "version".
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
Because of the empty version in the lockfile.
If the current behavior is a bug, please provide the steps to reproduce.
See above steps.
What is the expected behavior?
Don't install the package that is missing the version; do what NPM does when I try to install the same package:
$ npm install --save github:Studio-42/elFinder
npm ERR! Can't install github:Studio-42/elFinder#12383f05a30d61bf3ead4f94dbfe0a3a3073bfa9: Missing package version
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Joshua\AppData\Roaming\npm-cache\_logs\2018-01-30T01_29_17_779Z-debug.log
This prevents the lock file from being corrupted and preventing additional commands from being run.
Please mention your node.js, yarn and operating system version.
Node.js v9.4.0
Yarn 1.3.2
Windows 10.0.16299
Additional Info
I should mention that both #1602 and #4052 seem to concern the same issue, but both of them were closed without addressing what I believe is the actual problem: the fact that yarn will install an invalid package in the first place and thus corrupt the lockfile.
JoshuaCWebDeveloper
All 13 comments
Thanks for reporting.
This should be relatively easy ti fix, I suppose git dependencies should either have version mandatory or there should be no check for version in the follow up installs.
Contribution is very much welcome, the core team is all busy with high priority fixes.
bestander
on 30 Jan 2018
@bestander I'd be interested in taking a look at this, if no one else has claimed it
mhchen
on 3 Feb 2018
Go ahead, thanks!
On Fri, Feb 2, 2018 at 10:33 PM Mike Chen notifications@github.com wrote:
@bestander https://github.com/bestander I'd be interested in taking a
look at this, if no one else has claimed it—
You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub
https://github.com/yarnpkg/yarn/issues/5292#issuecomment-362784826, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ACBdWN3BRVVdSA9Z0KyPgqnlxYYC5Eocks5tQ_3DgaJpZM4Rxo8l
.
bestander
on 3 Feb 2018
@bestander if I'm understanding correctly, tests on e.g. github actually pull down from remote repos? If so, what do you think the best way to set up a stable repo with an invalid package.json when I'm writing my test? I could commit one to my own Github account but of course concern is I could forget about it and delete it. Do you ever set up dummy repos on this org, or can you think of a better way to handle this? Thanks!
mhchen
on 3 Feb 2018
@mhchen, we have a repo for tests https://github.com/yarnpkg/example-yarn-package
Would a branch there work?
Send a PR, I'll merge
bestander
on 4 Feb 2018
@bestander I created a branch here but I wasn't able to create a new branch via PR. Possible to create a new branch for me in that repo called invalid-package-json-version that I can merge into? Thanks!
mhchen
on 4 Feb 2018
bestander
on 4 Feb 2018
@bestander sorry to bother you, still trying to figure out the best way for testing this update. I wanted to make sure I had a failing test case first, but the issue is that when I use runAdd as in other examples within the test, running add on a repo with missing version already fails correctly, with the error:
● install from github with invalid version should fail
Error: Package "example-yarn-package@" doesn't have a "version".
The issue is that when I use runAdd like in other tests, it fails when running check here: https://github.com/yarnpkg/yarn/blob/master/__tests__/commands/add.js#L39
The real behavior of run does not seem to involve running check at any point, however. That's why, as of now, my solution involves doing a special check for a proper version in the target repo's package.json.
It's possible I don't know how check and add fit together. Should check in fact be running every time we run add? If so, I will update my solution to do that. If not, why are we running it in the tests for add?
mhchen
on 4 Feb 2018
Hm, maybe making a test against a local git repo?
bestander
on 4 Feb 2018
@bestander I really just needed to figure out how to assert on the error message being produced by the new functionality. I found a workaround for this and left a note about it in the PR. Hopefully it makes sense!
Also apologies about the commit thrash
mhchen
on 5 Feb 2018
master branch on github has no version.
Specify tag of the repo: "https://github.com/Studio-42/elFinder.git#2.1.39".
I made it work like this:
package.json:
"dependencies": {
...
"elfinder": "https://github.com/Studio-42/elFinder.git#2.1.39",
and then yarn install.
maxivak
on 15 Jun 2018
Have tried this with Wappalyze
"wappalyzer": "https://github.com/AliasIO/Wappalyzer.git#5.7.4"
However not working
fwahlqvist
on 18 Apr 2019
I'm trying to install:
yarn add PolymerElements / app-layout # ^ 2
with this specific version ...
But it gives me an error, invalid package version undefined.
How can I solve it?
angelo24782
on 12 Sep 2019
Related issues
ocolot
·
3Comments
bouk
·
3Comments
baptistelebail
·
3Comments
esphen
·
3Comments
NonPolynomial
·
3Comments