generator
generator copied to clipboard
addDependencies and addDevDependencies attempt to resolve all packages against the public npm registry
Extracted from issue #1299 because I've just been bitten by this - feel free to mark as duplicate 🤷
addDependencies and addDevDependencies attempt to resolve all packages against the public npm registry and ignores those I've defined in my .npmrc, thus the generator fails with a 404 error.
Did a bit more digging - seems like it might be an issue with pacote
? -- see https://github.com/yeoman/environment/issues/308
To be more explicit the issue I'm having is very similar to the OP.
My generator is trying to add dependencies that are hosted in a private registry.
My .npmrc
file has a package-prefixed entry which "should" handle the resolution:
@foo:registry=http://npm.foo.example.com
I'm not sure what to do with this.
Parsing and passing .npmrc config pacote will complicate too much. Version resolution is just a convenience for dependencies without a version.
If npm/yarn resolves dependencies with empty version, an option to skip version resolution can be added. For now the only way is to manipulate package.json directly:
this.packageJson.merge({
dependencies:{
localDep: ''
},
devDependencies: {
localDevDep: ''
}
});
A parameter can be added to addDevDependencies/addDependencies.
Thanks for looking into this @mshima 😄
For now I have a workaround: I can use latest-version to resolve public and private dependency versions myself before invoking addDependencies/addDevDependencies
with a structured-object e.g.
const packagesWithVersions = await getVersions(['@foo/bar', '@foo/baz'])
// looks like { "@foo/bar": "1.2.3", "@foo/baz": "4.5.6" }
await this.addDevDependencies(packagesWithVersions)
instead of
await this.addDevDependencies(['@foo/bar', '@foo/baz'])
@baconandon maybe you could provide a PR switching to latest-version at: https://github.com/yeoman/generator/blob/9cab8c90decdbbc6befcae0da10d55da3f7cd873/lib/actions/package-json.js#L24-L28
This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed
@baconandon thanks for the tip on "latest-version", did the same and it worked like a charm!
should be fixed at v6.