yarnpkg
Yarn installs wrong package version from github
Hello!
In package.json I have dependency "mypackage": "kesha-antonov/mypackage".
If I run yarn install it installs old version (not latest from master).
If I run yarn upgrade --check-files it installs latest version from master.
If I run again yarn install it installs old version.
I think it's bug. yarn install should install latest commit from master.
- macos high sierra
- node - 8.10.0
- yarn - 1.7.0
That's the expected behavior of yarn install. The reason being that the latest release of a package may have new/removed dependencies, which can cause your build to break. See this similar issue for more details: https://github.com/yarnpkg/yarn/issues/1978
Hello! @JoshuaScript
That's strange. It's my package. It doesn't have new deps. Just 1 line of code changed and it's still gets old version
@kesha-antonov I believe it installs the version specified in your yarn.lock or package.json, regardless if any dependencies have been modified, its a fail-safe of sorts.
@JoshuaScript yarn.lock has latest commit from github. If I run yarn upgrade --check-files it installs latest code (I can check it in node_modules). If I run yarn install it installs old code (!). Even when yarn.lock does have latest commit from github.
So it leads to unexpected bugs since the old code is used sometimes.
I too find this behavior highly irritating! Especially when I even specify a commit in the regular package.json, I expect yarn to install exactly that commit!
Cheers!
I just ran into this in 1.17.3 and this is truly maddening behavior. The docs for yarn install specify that "If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed", and yet, despite yarn.lock having the right commit hash, it still installs an older version. yarn upgrade installs the correct version, even though yarn.lock isn't modified at all. What is going on here?!
possible dupe of: https://github.com/yarnpkg/yarn/issues/4722
Itβs probably not good practice but this worked for me:
$ rm -rf node_modules yarn.lock
$ yarn
Basically purge node_modules and regenerate yarn.lock. This is probably not good practice.
Two things to note; this is slow and GitHub based dependencies appear to take longer to load (probably due to caching) than npm-based packages.
It looks like the following works the same:
rm yarn.lock && yarn
Again, this is probably not good practice.
I ran into this as well (v1.19.1) even though I was explicitly setting a commit hash in package.json. The package contents were still coming from an older commit.
The dependency looked like:
"<package-name>": "<owner>/<package-name>#<hash>"
I have same issue with bootstrap
"bootstrap": "twbs/bootstrap#9d50c6a18fcfd2e42ccc4e7b29d887c574bfadea"
macos catalina node - 13.8.0 yarn - 1.9.2
i face the same issue, my github package always get an older version after yarn (or yarn install) get called.
base on this https://github.com/yarnpkg/yarn/issues/4722, the solution is run yarn cache clean.
then run rm -r node_modules && yarn
now is works as expected
Same here. Whenever I install any new package I have to check my custom packages' files to ensure everything is correct. And it's not! yarn upgrade --check-files helps.
Just experienced the same issue on one of the machines (others are fine) while trying to yarn install after cloning Spacemeshos/Smapp repo.
In yarn.lock only semver package have a version 7.2.1 π€
yarn upgrade --check-files does not help as well.
Env:
- MBP M1
- MacOS 12.4
- yarn 1.22.19
- NodeJS 18.4.0
Here are the logs:
alice ~/workspace/smapp develop $ yarn
yarn install v1.22.19
[1/4] π Resolving packages...
[2/4] π Fetching packages...
[1/4] π Resolving packages...
[2/4] π Fetching packages...
[3/4] π Linking dependencies...
warning " > @continuous-auth/[email protected]" has unmet peer dependency "semantic-release@>=15.9.0 <16.0.0".
warning " > [email protected]" has unmet peer dependency "mocha@>=1.7.0".
[4/4] π¨ Building fresh packages...
[2/2] β electron
error /Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/electron: Command failed.
Exit code: 1
Command: node install.js
Arguments:
Directory: /Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/electron
Output:
node:internal/process/promises:288
triggerUncaughtException(err, true /* fromPromise */);
^
GotError [HTTPError]: Response code 404 (Not Found) for https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip
at EventEmitter.<anonymous> (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/as-stream.js:35:24)
at EventEmitter.emit (node:events:537:28)
at module.exports (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/get-response.js:22:10)
at ClientRequest.handleResponse (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/request-as-event-emitter.js:155:5)
at Object.onceWrapper (node:events:652:26)
at ClientRequest.emit (node:events:549:35)
at origin.emit (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/@szmarczak/http-timer/source/index.js:37:11)
at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:642:27)
at HTTPParser.parserOnHeadersComplete (node:_http_common:117:17)
at TLSSocket.socketOnData (node:_http_client:505:22) {
host: 'github.com',
hostname: 'github.com',
method: 'GET',
path: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
socketPath: undefined,
protocol: 'https:',
url: 'https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
gotOptions: {
path: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
protocol: 'https:',
slashes: true,
auth: null,
host: 'github.com',
port: null,
hostname: 'github.com',
hash: null,
search: null,
query: null,
pathname: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
href: 'https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
retry: {
retries: [Function (anonymous)],
methods: Set(6) { 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' },
statusCodes: Set(7) { 408, 413, 429, 500, 502, 503, 504 },
errorCodes: Set(8) {
'ETIMEDOUT',
'ECONNRESET',
'EADDRINUSE',
'ECONNREFUSED',
'EPIPE',
'ENOTFOUND',
'ENETUNREACH',
'EAI_AGAIN'
}
},
headers: {
'user-agent': 'got/9.6.0 (https://github.com/sindresorhus/got)',
'accept-encoding': 'gzip, deflate'
},
hooks: {
beforeRequest: [],
beforeRedirect: [],
beforeRetry: [],
afterResponse: [],
beforeError: [],
init: []
},
decompress: true,
throwHttpErrors: true,
followRedirect: true,
stream: true,
form: false,
json: false,
cache: false,
useElectronNet: false,
method: 'GET'
},
statusCode: 404,
statusMessage: 'Not Found',
headers: {
server: 'GitHub.com',
date: 'Wed, 13 Jul 2022 10:34:24 GMT',
'content-type': 'text/plain; charset=utf-8',
vary: 'X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With',
'permissions-policy': 'interest-cohort=()',
'cache-control': 'no-cache',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'x-frame-options': 'deny',
'x-content-type-options': 'nosniff',
'x-xss-protection': '0',
'referrer-policy': 'no-referrer-when-downgrade',
'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
'content-security-policy': "default-src 'none'; base-uri 'self'; connect-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline'",
'content-encoding': 'gzip',
'transfer-encoding': 'chunked',
'x-github-request-id': 'FFCC:4C19:9D72C6:A72A38:62CE9FAF',
connection: 'close'
},
body: undefined
}
i face the same issue, my github package always get an older version after
yarn(oryarn install) get called. base on this #4722, the solution is runyarn cache clean. then runrm -r node_modules && yarnnow is works as expected
I migrated machines recently and suddenly had a similar issue with yarn installing package versions that were newer than what was in the existing yarn.lock, which was not acceptable since it was an org repo at my job. Clearing the yarn cache and doing a fresh yarn install completely solved the issue. Thank you @hotaryuzaki for helping me stay sane.
