generator icon indicating copy to clipboard operation
generator copied to clipboard

Published 20 hours ago verified publisher icon yeoman

addDependencies and addDevDependencies attempt to resolve all packages against the public npm registry

Open baconandon opened this issue 3 years ago • 6 comments

Extracted from issue #1299 because I've just been bitten by this - feel free to mark as duplicate 🤷

addDependencies and addDevDependencies attempt to resolve all packages against the public npm registry and ignores those I've defined in my .npmrc, thus the generator fails with a 404 error.

baconandon avatar Jun 23 '21 19:06 baconandon

Did a bit more digging - seems like it might be an issue with pacote? -- see https://github.com/yeoman/environment/issues/308

baconandon avatar Jun 23 '21 19:06 baconandon

To be more explicit the issue I'm having is very similar to the OP. My generator is trying to add dependencies that are hosted in a private registry. My .npmrc file has a package-prefixed entry which "should" handle the resolution:

@foo:registry=http://npm.foo.example.com

baconandon avatar Jun 23 '21 20:06 baconandon

I'm not sure what to do with this.

Parsing and passing .npmrc config pacote will complicate too much. Version resolution is just a convenience for dependencies without a version.

If npm/yarn resolves dependencies with empty version, an option to skip version resolution can be added. For now the only way is to manipulate package.json directly:

this.packageJson.merge({
  dependencies:{
    localDep: ''
  },
  devDependencies: {
    localDevDep: ''
  }
});

A parameter can be added to addDevDependencies/addDependencies.

mshima avatar Jun 23 '21 23:06 mshima

Thanks for looking into this @mshima 😄

For now I have a workaround: I can use latest-version to resolve public and private dependency versions myself before invoking addDependencies/addDevDependencies with a structured-object e.g.

const packagesWithVersions = await getVersions(['@foo/bar', '@foo/baz'])
// looks like { "@foo/bar": "1.2.3", "@foo/baz": "4.5.6" }
await this.addDevDependencies(packagesWithVersions)

instead of

await this.addDevDependencies(['@foo/bar', '@foo/baz'])

baconandon avatar Jun 24 '21 11:06 baconandon

@baconandon maybe you could provide a PR switching to latest-version at: https://github.com/yeoman/generator/blob/9cab8c90decdbbc6befcae0da10d55da3f7cd873/lib/actions/package-json.js#L24-L28

mshima avatar Jun 24 '21 11:06 mshima

This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed

github-actions[bot] avatar Jul 25 '21 00:07 github-actions[bot]

@baconandon thanks for the tip on "latest-version", did the same and it worked like a charm!

gastonsilva avatar Oct 14 '22 14:10 gastonsilva

should be fixed at v6.

mshima avatar Oct 21 '23 04:10 mshima