fabric8-analytics-vscode-extension icon indicating copy to clipboard operation
fabric8-analytics-vscode-extension copied to clipboard

Published 20 hours ago verified publisher icon fabric8-analytics

[BUG] alters package.json and generates package-lock.json in projects that don't use npm

Open willmakley opened this issue 1 year ago • 4 comments

Describe the bug With the extension installed, I find that package.json get spontaneously modified and package-lock.json gets spontaneously generated in my project that uses yarn.

To Reproduce Create a yarn project. Use this extension.

Expected behavior If it doesn't support yarn, it should at least detect yarn.lock and show a warning and not run npm commands that break my project.

willmakley avatar Sep 13 '24 16:09 willmakley

I also encountered this issue. I uninstalled the plugin, and the problem was resolved.

yc-w-cn avatar Sep 23 '24 12:09 yc-w-cn

Seems to be an ongoing problem on version 0.9.5 of the extension. You can either downgrade to v0.9.4 or disable to fix.

yohkaii avatar Sep 24 '24 10:09 yohkaii

Related to #731, #732 and #736, although probably not duplicate.

Fydon avatar Oct 03 '24 11:10 Fydon

Yes! it adds "packagename": "file: " to package.json constantly breaking any builds! It took me forever to hunt down because it started happening just as i had added some new packages. Thought i was going crazy until i found it.

johanklingberg avatar Oct 09 '24 19:10 johanklingberg

I'm seeing this as well version 0.9.5.

jhechtf avatar Nov 05 '24 19:11 jhechtf

The reports are generated by https://github.com/RHEcosystemAppEng/exhort-javascript-api and according to it:

The Supported Ecosystems are:

Java - Maven JavaScript - Npm Golang - Go Modules Python - pip Installer Gradle - Gradle Installation

Notice that for the Java world there was the need to implement the dependency scanner for both Maven and Gradle separately. The same will need to be done for the Javascript world. Currently only NPM is supported and Yarn implementation will require some effort.

carlosthe19916 avatar Feb 14 '25 17:02 carlosthe19916

@carlosthe19916 it would be enough to not run npm commands in yarn projects. I don't need this extension to work so much as to not break things. The current behavior is causing mysterious breakages and changes that are extremely difficult to understand and track down.

willmakley avatar Feb 14 '25 17:02 willmakley

@carlosthe19916 it would be enough to not run npm commands in yarn projects. I don't need this extension to work so much as to not break things. The current behavior is causing mysterious breakages and changes that are extremely difficult to understand and track down.

That's a fair point

carlosthe19916 avatar Feb 14 '25 17:02 carlosthe19916