yarnpkg/yarn

Installing node modules without a version

Open

#5097 opened on Dec 16, 2017

View on GitHub
 (8 comments) (2 reactions) (1 assignee)JavaScript (41,514 stars) (2,731 forks)batch import
cat-buggood first issuehelp wanted

Description

Do you want to request a feature or report a bug? bug

What is the current behavior? Currently if I install a private module, via git/github, the next time yarn.lock is regenerated it will set the version to an empty string e.g.:

thing@semver:
  version ""

If the current behavior is a bug, please provide the steps to reproduce.

sh-3.2$ ls
node_modules	package.json
sh-3.2$ cat package.json
{
  "dependencies": {
    "@test/test": "antoligy/private-npm-package"
  }
}

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
info No lockfile found.
warning No license field
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 2.38s.

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
warning No license field
[1/4] 🔍  Resolving packages...
error Package "@test/test@" doesn't have a "version".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
sh-3.2$

What is the expected behavior? It should resolve to a version of 0.0.0 (as happens on initial install), allowing for the private module to continue to be resolved. This is for continuity and especially useful with migration away from bower to yarn via bower-away.

Please mention your node.js, yarn and operating system version.

macOS High Sierra

$ yarn -v
1.3.2
$ node -v
v8.9.1

Contributor guide

Tech stack
nodejsjavascript
Domain
build system
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Basic understanding of Node.jsFamiliarity with yarn lockfile
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
Investigate how yarn resolves git dependencies and stores versions in yarn.lock. Look at the resolver logic, likely in `src/resolvers/exotics/git resolver.js` and the lockfile serializer. The issue is that for git dependencies without a version, the lockfile entry gets an empty string instead of falling back to 0.0.0. Check the assignee's comments for any direction, and consider whether the fix should be in the resolution step or lockfile generation.