search

oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
https://bun.sh
Other
74.15k stars 2.77k forks source link

Bun install changing yarn lockfile registry URL #5301

Open bkonicek-calm opened 1 year ago

bkonicek-calm commented 1 year ago

What version of Bun is running?

1.0.1+31aec4ebe325982fc0ef27498984b0ad9969162b

What platform is your computer?

Darwin 22.6.0 arm64 arm

What steps can reproduce the bug?

Take a sample yarn.lock file

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

"@adobe/css-tools@^4.0.1":
  version "4.2.0"
  resolved "https://registry.yarnpkg.com/@adobe/css-tools/-/css-tools-4.2.0.tgz#e1a84fca468f4b337816fcb7f0964beb620ba855"
  integrity sha512-E09FiIft46CmH5Qnjb0wsW54/YQd69LsxeKUOWawmws1XWvyFGURnAChH0mlr7YPFR1ofwvUQfcL0J3lMxXqPA==

"@ampproject/remapping@^2.2.0":
  version "2.2.1"
  resolved "https://registry.yarnpkg.com/@ampproject/remapping/-/remapping-2.2.1.tgz#99e8e11851128b8702cd57c33684f1d0f260b630"
  integrity sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==
  dependencies:
    "@jridgewell/gen-mapping" "^0.3.0"
    "@jridgewell/trace-mapping" "^0.3.9"

And a bunfig.toml of 

[install]
registry = "https://registry.yarnpkg.com/"

And run bun install -y. It changes all of the registry URLs to https://registry.npmjs.org.

However, we do have a private registry configured that works correctly and bun is able to download the packages just fine without changing the resolved URL.

What is the expected behavior?

It should not change registry URLs.

What do you see instead?

> git diff

 "@adobe/css-tools@^4.0.1":
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/@adobe/css-tools/-/css-tools-4.2.0.tgz#e1a84fca468f4b337816fcb7f0964beb620ba855"
-  integrity sha512-E09FiIft46CmH5Qnjb0wsW54/YQd69LsxeKUOWawmws1XWvyFGURnAChH0mlr7YPFR1ofwvUQfcL0J3lMxXqPA==
+  version "4.3.1"
+  resolved "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.3.1.tgz"
+  integrity sha512-/62yikz7NLScCGAAST5SHdnjaDJQBDq0M2muyRTpf2VQhw6StBg2ALiu73zSJQ4fMVLA+0uBhBHAle7Wg+2kSg==

 "@ampproject/remapping@^2.2.0":
   version "2.2.1"
-  resolved "https://registry.yarnpkg.com/@ampproject/remapping/-/remapping-2.2.1.tgz#99e8e11851128b8702cd57c33684f1d0f260b630"
+  resolved "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.2.1.tgz"
   integrity sha512-lFMjJTrFL3j7L9yBxwYfCq2k6qqwHyzuUl/XBnif78PWTJYyL/dfowQHWE3sp6U6ZzqWiiIZnpTMO96zhkjwtg==
   dependencies:
     "@jridgewell/gen-mapping" "^0.3.0"

Additional information

No response

taranek commented 1 year ago

Sounds similar to: https://github.com/oven-sh/bun/issues/5370

bkonicek-calm commented 1 year ago

@taranek It does sound similar, but interestingly private registries do work for me with a bunfig.toml like

[install.scopes]
"@privateorg" = { token = "foo", url = "https://npm.pkg.github.com/" }

It correctly leaves our private registry URLs intact, but still changes the public ones to npmjs.org. I've tried both of these but neither make a difference:

[install]
registry = "https://registry.yarnpkg.com/"

[install.scopes]
"@adobe" = { url = "https://registry.yarnpkg.com/" }