yarnpkg
[Bug?]: PnP fails to resolve transitive dependencies dynamically required from cache (@aws-sdk/credential-provider-node)
Self-service
- [ ] I'd be willing to implement a fix
Describe the bug
I've been banging my head to the wall a couple of days with this issue. Fixing this is outside of my competence but I'll summarise some discoveries I've done. All in all, I cannot use the PnP loader as long as I want to use any aws-sdk service that uses credentials.
When using @aws-sdk/credential-provider-node with PnP, resolution fails for its credential provider dependencies at runtime when the SDK dynamically requires them. The error occurs during actual credential resolution, not at module import time.
The packages are:
- Explicitly declared in dependencies in package.json
- Added via packageExtensions in .yarnrc.yml
- Forced to consistent versions via resolutions
- Present in cache as zip files
- Registered in .pnp.cjs
- Can be manually verified to exist
Environment:
- Yarn: 4.10.3
- Node: 20.x and 22.x (tested both)
- nodeLinker: pnp
- pnpMode: loose
- pnpFallbackMode: all
To reproduce
.yarnrc.yml
nodeLinker: pnp
pnpMode: loose
pnpFallbackMode: all
packageExtensions:
"@aws-sdk/credential-provider-node@*":
dependencies:
"@aws-sdk/credential-provider-ini": "*"
"@aws-sdk/credential-provider-env": "*"
"@aws-sdk/credential-provider-http": "*"
"@aws-sdk/credential-provider-process": "*"
"@aws-sdk/credential-provider-sso": "*"
"@aws-sdk/credential-provider-web-identity": "*"
package.json
{
"dependencies": {
"@aws-sdk/client-bedrock-runtime": "^3.947.0",
"@aws-sdk/credential-provider-node": "^3.947.0",
"@aws-sdk/credential-provider-ini": "^3.947.0",
"@aws-sdk/credential-provider-env": "^3.947.0",
"@aws-sdk/credential-provider-http": "^3.947.0",
"@aws-sdk/credential-provider-process": "^3.947.0",
"@aws-sdk/credential-provider-sso": "^3.947.0",
"@aws-sdk/credential-provider-web-identity": "^3.947.0"
}
}
Minimal reproduction
const { defaultProvider } = require('@aws-sdk/credential-provider-node');
const { BedrockRuntimeClient, ConverseCommand } = require('@aws-sdk/client-bedrock-runtime');
const client = new BedrockRuntimeClient({
region: 'eu-central-1',
credentials: defaultProvider()
});
const response = await client.send(new ConverseCommand(params)); // Error occurs HERE when SDK tries to resolve credentials
Environment
System:
OS: Linux 6.10 Debian GNU/Linux 12 (bookworm) 12 (bookworm)
CPU: (10) arm64 unknown
Binaries:
Node: 22.21.1 - /tmp/xfs-4f63b23f/node
Yarn: 4.10.3 - /tmp/xfs-4f63b23f/yarn
npm: 10.9.4 - /usr/local/bin/npm
Additional context
The stack trace shows ESM resolver (node:internal/modules/esm/resolve) even though this is a CommonJS require() call from /dist-cjs/index.js. This may be related to Node.js 22's new ESM/CJS interop.
Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@aws-sdk/credential-provider-ini' imported from /app/.yarn/cache/@aws-sdk-credential-provider-node-npm-3.948.0-cabaae5a1d-720e0b2437.zip/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js
Did you mean to import "@aws-sdk/credential-provider-ini/dist-cjs/index.js"?
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:314:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at #cachedDefaultResolve (node:internal/modules/esm/loader:731:20)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:310:38)
- Package exists in cache: /app/.yarn/cache/@aws-sdk-credential-provider-ini-npm-3.948.0-71aeb891b4-4b02628484.zip
- Package registered in .pnp.cjs: ["@aws-sdk/credential-provider-ini", "npm:3.948.0"]
- Manual resolution fails: node -r /app/.pnp.cjs -e "require.resolve('@aws-sdk/credential-provider-ini')" # Error: Cannot find module '@aws-sdk/credential-provider-ini'
- Works with nodeLinker: node-modules
Expected: PnP should resolve packages that are explicitly declared, cached, and registered, especially when accessed from within other PnP-managed packages.
Actual: PnP throws MODULE_NOT_FOUND when credential-provider-node (inside a zip) tries to dynamically require credential-provider-ini (also in a zip).
Workaround: Switch to nodeLinker: node-modules
