yarn icon indicating copy to clipboard operation
yarn copied to clipboard
verified publisher icon yarnpkg

yarn installs incorrect version for typescript, because dist-tag is ignored

Open donaldpipowitch opened this issue 9 years ago • 6 comments

Do you want to request a feature or report a bug?

bug

What is the current behavior? If the current behavior is a bug, please provide the steps to reproduce.

You have an empty package.json:

{
  "name": "yarn-test",
  "version": "1.0.0",
  "private": true
}

You run $ yarn add typescript:

yarn add v0.18.0
info No lockfile found.
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
└─ [email protected]
✨  Done in 0.68s.

You now have this package.json:

{
  "name": "yarn-test",
  "version": "1.0.0",
  "private": true,
  "dependencies": {
    "typescript": "^2.0.10"
  }
}

And this yarn.lock:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


typescript@^2.0.10:
  version "2.0.10"
  resolved "https://registry.yarnpkg.com/typescript/-/typescript-2.0.10.tgz#ccdd4ed86fd5550a407101a0814012e1b3fac3dd"

Now remove the yarn.lock and run $ yarn install.

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


typescript@^2.0.10:
  version "2.1.1"
  resolved "https://registry.yarnpkg.com/typescript/-/typescript-2.1.1.tgz#41c2b64472f529331b2055c0424862b44ce58d42"

Now [email protected] was installed which is wrong. The latest version of Typescript is 2.0.10 which was installed in the first run. 2.1.1 is released with an @rc dist-tag.

$ npm i --save typescript@next
└── [email protected]

$ npm i --save typescript@rc
└── [email protected]

$ npm i --save typescript@latest
└── [email protected]

What is the expected behavior?

Install [email protected] again.

Please mention your node.js, yarn and operating system version.

$ node -v
v6.9.1

$ yarn -V
0.18.0

macOS 10.12.1

donaldpipowitch avatar Dec 05 '16 10:12 donaldpipowitch

Any plans when this will be fixed ? I have the same issue with the latest typescript version: #2655

cebor avatar Feb 09 '17 12:02 cebor

Are there any workarounds for this? I'm getting 2.3.0 rc installed for "typescript": "^2.2.1" in my package.json.

mdouglass avatar Apr 15 '17 02:04 mdouglass

Any update on this? This is affecting release of things like Angular. An upcoming release was put on npm with the tag @next but everyone pinned to the major ('^4.0.0') started getting it early.

StephenFluin avatar Jun 09 '17 22:06 StephenFluin

@StephenFluin Angular should not be affected, because it uses a suffix like -rc.x in its rc releases.

Only repos using normal semver versions and tag these as rc with npm like typescript does are affected.

For Example:

  • Angular
// npm info  @angular-core
{
  "dist-tags": {
    "rc": "4.1.0-rc.0",
    "latest": "4.0.0"
  },
  "versions": [
    "4.0.0",
    "4.1.0-rc.0"
  ]
}

yarn add angular-core # installs 4.0.0
  • Typescript
// npm info typescript
{
  "dist-tags": {
    "rc": "2.4.0",
    "latest": "2.3.0"
  },
  "versions": [
    "2.3.0",
    "2.4.0"
  ]
}

yarn add typescript # installs 2.4.0, and its wrong - should be 2.3.0

cebor avatar Jun 13 '17 13:06 cebor

I just got bit by this today. Is Yarn by design ignoring dist-tags? Or is this a bug to be fixed?

BruceHubbard avatar Oct 12 '17 18:10 BruceHubbard

Having the same issue. Installs 5.4.5 when package.json has ^5.2.2.

abdullah-txfusion avatar May 17 '24 12:05 abdullah-txfusion