berry icon indicating copy to clipboard operation
berry copied to clipboard

Published 20 hours ago verified publisher icon yarnpkg

yarn install (v4) will fail the first time with packages from private registry (artifactory).

Open danielplappert opened this issue 1 year ago • 10 comments

Self-service

  • [ ] I'd be willing to implement a fix

Describe the bug

In our project we are currently using yarn v1. We are able to download packages from our private registry (artifactory). Our packages are scoped packages, which means our package.json looks like this:

 ...
 "dependencies": {
    "@mui/icons-material": "^5.9.1",
    "@private/lib1": "1.2.2",
    "@private/lib2": "1.0.2",
 ...

With yarn v1 everything works fine. Now we want to upgrade to yarn v4. We migrated .npmrc to .yarnrc.yml

npmScopes:
  private:
    npmAlwaysAuth: true
    npmRegistryServer: "https://artifactory.company.com/artifactory/api/npm/private-npmjs/"
    npmAuthToken: MY_TOKEN

and also set yarn version to berry. So far so good. But the first time we run

yarn install

yarn failed with the following error:

➤ YN0001: │ Error: @private/lib1@npm:1.2.2: @private/lib1@npm:1.2.2::__archiveUrl=https%3A%2F%2Fartifactory.company.com%3A443%2Fartifactory%2Fapi%2Fnpm%2Fprivate-npmjs%2F%40private%2Flib1%2F-%2F%40private%2Flib1-1.2.2.tgz%23 isn't supported by any available resolver

When we remove our own (private) dependencies

 "dependencies": {
    "@mui/icons-material": "^5.9.1",
 ...

and run yarn install again, yarn is downloading all packages without any error. After the first run of yarn install we can now add our dependencies again:

 ...
 "dependencies": {
    "@mui/icons-material": "^5.9.1",
    "@private/lib1": "1.2.2",
    "@private/lib2": "1.0.2",
 ...

and re-run yarn install. NOW the packages from our private registry are downloaded and installed as well. There are no errors.

It seems, that only the first time we run yarn install there is a problem with installing packages from our registry. The problem is, that this also happens in our gitlab pipelines, which means, we are currently unable to build our app with yarn v4.

To reproduce

Create a project containing packages from a private registry using yarn v1.

Upgrade to yarn v4 as described here: https://yarnpkg.com/migration/guide

After running yarn install, installation will fail. Remove all packages of your private registry in your package.json, and re-run yarn install again. Installation will now succeed. Undo your changes in package.json and run yarn install again.

Environment

System:
  OS: macOS 13.5.1
  CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
Binaries:
  Node: 20.9.0 - /private/var/folders/bf/kpd557n94931bg65fm4mw7cm0000gn/T/xfs-246c0f58/node
  Yarn: 4.0.0 - /private/var/folders/bf/kpd557n94931bg65fm4mw7cm0000gn/T/xfs-246c0f58/yarn
  npm: 10.1.0 - /usr/local/bin/npm
  pnpm: 8.10.0 - /usr/local/bin/pnpm

Additional context

No response

danielplappert avatar Oct 29 '23 09:10 danielplappert

Same issue

n3m6 avatar Dec 22 '23 08:12 n3m6

the following .yarnrc.yml file worked for some reason.

enableGlobalCache: true
checksumBehavior: reset
defaultSemverRangePrefix: ""
enableColors: true
enableConstraintsChecks: true
nmHoistingLimits: workspaces
nodeLinker: pnp
preferInteractive: false
yarnPath: .yarn/releases/yarn-4.0.2.cjs
npmRegistries:
  //gitlab.com/api/v4/projects/xxx/packages/npm/:
    npmAlwaysAuth: true
npmScopes:
  private:
    npmRegistryServer: ""
    npmAlwaysAuth: true

I suspect it has to do with nodeLinker, but I"m not sure.

n3m6 avatar Dec 22 '23 08:12 n3m6

same issue too

siosio34 avatar Jan 08 '24 10:01 siosio34

I deleted the yarn.lock file and installed the dependencies again and that fixed the error.

azeezat avatar Jan 10 '24 18:01 azeezat

same issue too

yongsk0066 avatar Jan 16 '24 06:01 yongsk0066

I had a similar issue, yarn v3.6.1, github npm registry. It worked for my .yarnrc.yml :

npmRegistries:
  "https://npm.pkg.github.com":
    npmAlwaysAuth: true
    npmAuthToken: ${NPM_AUTH_TOKEN}

npmScopes:
  myscope:
    npmRegistryServer: https://npm.pkg.github.com

The package.json for my package looks like:

{
  "name": "@myscope/my-package-name",
  "version": "1.0.10",
  "publishConfig": {
    "@myscope:registry": "https://npm.pkg.github.com"
  },
  ...
  "dependencies": {
    "aes-cross": "^1.1.2"
  }
}

laliux avatar Jan 24 '24 02:01 laliux

when you yarn install with internal repository it seems to create a yarn.local file containing resolution with __archiveURL pointing to that internal repository, when you cleaned and tried without internal repository it creates a yarn.lock file containing resolution but this time without __archiveURL . Howvere this resolution without archiveURL is still able to be used with internal repository .
IMO there should be an override flag to to ignore archiveURL because this issue breaks pipelines where development and build chains have different internal urls.

The fix is to use this sed -i -e "s#https://registry.yarnpkg.com/#{YOUR_CI_REGISTRY}#g" yarn.lock

i believe this used to work sed -i -e "/resolved:* .*$/d" yarn.lock which was cleaner but v4 requires resolution.

Yarn team any suggestions ? Respository such as artifactory might not have the desired url scheme but it would still be nice to have over ride features for users to get around issues like this.

sumasagrp avatar Feb 01 '24 16:02 sumasagrp

I deleted the yarn.lock file and installed the dependencies again and that fixed the error.

This fixed it for me. Check if the yarn.lock has been migrated/converted to the new format. If not, then deleting it and re-running yarn install solves it

dnguyentien-lmi avatar Feb 14 '24 16:02 dnguyentien-lmi

I faced this issue migrating from yarn 1 to yarn 4 with a private npm server (artifactory). My fix was to first update to yarn 2 with yarn set version 2.x then run yarn install, which updates the lockfile to the new expected format, and then update to yarn 4 with yarn set version berry and then re-run yarn install.

scotteratigan avatar Mar 23 '24 06:03 scotteratigan