yarn icon indicating copy to clipboard operation
yarn copied to clipboard

Published 20 hours ago verified publisher icon yarnpkg

yarn should warn if a resolution appears to attempt to change a top level dependency

Open sabrinaluo opened this issue 5 years ago • 18 comments

Do you want to request a feature or report a bug? feature request

What is the current behavior? Currently yarn why won't indicate any package info in the resolutions field

If the current behavior is a bug, please provide the steps to reproduce.

  1. install a package with any version, e.g "pkg": "^1.0.0"
  2. add resolutions field in package.json, pkg: "1.0.0"
  3. update "pkg": "^1.0.0" to "pkg": "^2.0.0" in deps
  4. run yarn why pkg

It only displays "pkg": "^2.0.0" being used, but no info about pkg: "1.0.0", while in yarn.lock, can find pkg: "1.0.0" related info

What is the expected behavior? expect to display resolutions package info as well

Please mention your node.js, yarn and operating system version. yarn: 1.16.0 macOS node: 8.16.0

sabrinaluo avatar Jun 05 '19 09:06 sabrinaluo

Hi @sabrinaluo,

according to https://yarnpkg.com/lang/en/docs/selective-version-resolutions/ it is only meant for subdependencies, not the toplevel dependencies as these would be normally set in the lockfile.

which lets you define custom package versions inside your dependencies through the resolutions field in your package.json file. Normally, this would require manual edits in the yarn.lock file.

DanielRuf avatar Jun 05 '19 09:06 DanielRuf

Try the following example and yarn why supports-color:

{
  "name": "yarn-pkg-test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "chalk": "^2.4.2"
  },
  "resolutions": {
    "chalk/supports-color": "5.3.0"
  }
}

DanielRuf avatar Jun 05 '19 09:06 DanielRuf

Thanks to your quick response. @DanielRuf

Yes I understand it's for sub-dependencies, but there might be users make mistakes like me, so it would be great if this can be improved.

The case I encountered is having styled-components 3.4.x as dependency while a sub-dependency rebass requires styled-components 3.2.x. Instead resolutions: {rebass/styled-components: 3.2.x}, it's my bad to put resolutions: { "styled-components": "3.2.x"}. When starting the app, UI is always broken, say 'there might be two copy of styled-component', so I ran yarn why styled-components, only 3.4.x was listed. I was so confused where the other styled-components came from and spent a lot of time to investigate until I searched in yarn.lock, then figured out it's the resolutions.

sabrinaluo avatar Jun 05 '19 14:06 sabrinaluo

So this is a feature request?

DanielRuf avatar Jun 05 '19 15:06 DanielRuf

Yes, should be a feature request. Updated the issue type 😃 @DanielRuf

I first thought it's a bug. However, after your explanation, I understand it's not a bug yarn itself but most likely a mistake by users.

sabrinaluo avatar Jun 05 '19 16:06 sabrinaluo

Maybe we could handle this by checking "if a resolution does not contains a wildcard * or a / then print a warning"? I'm not sure if having a resolution without one of those is really ever a valid use case...

rally25rs avatar Jun 07 '19 10:06 rally25rs

I'm also going to rename this issue to make it more indicative of the feature request.

rally25rs avatar Jun 07 '19 10:06 rally25rs

Hi can I take this up?

0xamogh avatar Jun 21 '19 20:06 0xamogh

can I take this up?

xiaoguizi87 avatar Aug 16 '19 04:08 xiaoguizi87

Sure, do you need help with creating a PR or do you know the needed steps?

DanielRuf avatar Aug 16 '19 04:08 DanielRuf

Hi, I want to contribute to this issue. Can you please walk me through the steps about how to do a git pull?

farjanaHuq avatar Jun 03 '20 22:06 farjanaHuq

@farjanaHuq first ensure that you fork the repo to your own account.

After this clone the repository to your computer using some terminal / shell.

Then create a new branch, check it out, work on the needed files, commit the changes and push to your fork.

After this you can create the PR here.

Did you already check https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request for the needed steps? With which exact step do you need help?

DanielRuf avatar Jun 04 '20 08:06 DanielRuf

@DanielRuf Is this issue still open? There is a pull request from @gonzachr.

mehulbechra avatar Jun 30 '20 17:06 mehulbechra

@mehulbechra as you can see the issue is still open. I do not know what the current status is, I did not open this issue. At least the PR is not merged and still open. So I guess this is still unresolved.

DanielRuf avatar Jun 30 '20 21:06 DanielRuf

Is this up for grabs? Can another PR be opened for this?

Bruce-Hopkins avatar Mar 17 '22 19:03 Bruce-Hopkins

Does resolution needs to be committed or yarn.lock enough ??

sshettyyara avatar Apr 21 '23 07:04 sshettyyara

#8315 looks to be corresponded to comment https://github.com/yarnpkg/yarn/issues/7320#issuecomment-499841419. Is there any blocker?

I want to try to take this up. Can I get any advice about more things to do?

tooth-palm avatar Oct 16 '23 07:10 tooth-palm

@tooth-palm Thanks for your interest in contributing. Yarn v1 (aka Yarn Classic) has been deprecated for a couple years (yarn v4 is about to be released) and only receives critical security and bug fixes. Development should be done against Yarn Modern. This means this feature is very unlikely to ever be added to to the old yarn v1 code. Devs should be moving to newer versions of yarn.

rally25rs avatar Oct 16 '23 12:10 rally25rs