Specifying hash in the package json is not working · yarnpkg/yarn#3109

(5 评论) (0 反应) (0 负责人)JavaScript (41,514 star) (2,731 fork)batch import

cat-buggood first issuehelp wantedhigh-prioritytriaged

描述

Do you want to request a feature or report a bug?

Report a bug

What is the current behavior?

I have a stable branch in my project that gets updated every time the CI build passes. Eventually we want to be able to use that branch in our package.json, but I'm facing yarn issues with bad hash. See this other related issue: https://github.com/yarnpkg/yarn/issues/1916.

So to try and fix the hash issue we decided to specify the commit hash in the package.json itself, but yarn seems to be ignoring that entry.

If the current behavior is a bug, please provide the steps to reproduce.

Here is our package.json entry:

{
   ...
   "dependencies": {
      "grommet": "https://github.com/grommet/grommet/tarball/stable#85a1b40e4616fe54e4e13fdd9350128d1f0508e6",
   }
}

Here is the yarn.lock section:

"grommet@https://github.com/grommet/grommet/tarball/stable#85a1b40e4616fe54e4e13fdd9350128d1f0508e6":
  version "1.3.4"
  resolved "https://github.com/grommet/grommet/tarball/stable#2e18b1cba634cd1cfda9a3d601ae74fe77eacee1"

What is the expected behavior?

You can see that the yarn.lock resolved to latest hash in my stable branch, where I was expecting it to resolve to the hash that I've specified.

Please mention your node.js, yarn and operating system version.

Node: v7.3.0 NPM: 3.10.10 Yarn: 0.21.3

贡献者指南

技术栈: javascriptnodejs
领域: tooling
议题类型: bug
难度: 3
预计时间: 1-3 hours
活动状态: stale
清晰度: clear
前置要求: basic understanding of yarnpackage.json dependencies
新手友好度: 30
研究方向: Investigate yarn's tarball resolution logic in the resolver module, specifically how the hash from package.json is parsed and compared to the resolved URL. Look at existing tests for similar dependencies. Since this is the 1.x line and frozen, consider if the issue has been fixed in berry (2.x).