Closed chyzwar closed 1 year ago
That's not what's happening here, see https://yarnpkg.com/advanced/error-codes/#yn0032---node_gyp_injected
YN0032 is an error when yarn detect missing node-gyp dependancy.
It is still unclear why yarn includes node-gyp for fsevents in lockfile. fsevents is using napi and ship with pre build binaries for macos, why node-gyp is installed?
I might understand the rationale behind installing node-gyp, but it is not well documented. It is pre build MacOs binary (after pulling from registry)
YN0032 docs do not indicate if this is a warning or error and is not printed when node-gyp is included. yarn seems to installing node-gyp for packages that contain .node files
yarn seems to installing node-gyp for packages that contain .node files
No, for fsevents
it's installed because the npm registry says that fsevents
has an install script that needs it.
https://registry.npmjs.com/fsevents/2.3.2
"scripts": {
"clean": "node-gyp clean && rm -f fsevents.node",
"build": "node-gyp clean && rm -f fsevents.node && node-gyp rebuild && node-gyp clean",
"test": "/bin/bash ./test.sh 2>/dev/null",
"prepublishOnly": "npm run build"
},
It only have prepublishOnly script to build not postInstall.
This is bizarre.
When you pull fsevents
wget $(npm view fsevents dist.tarball)
Resulted package.json is
{
"name": "fsevents",
"version": "2.3.2",
"description": "Native Access to MacOS FSEvents",
"main": "fsevents.js",
"types": "fsevents.d.ts",
"os": [
"darwin"
],
"files": [
"fsevents.d.ts",
"fsevents.js",
"fsevents.node"
],
"engines": {
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
},
"scripts": {
"clean": "node-gyp clean && rm -f fsevents.node",
"build": "node-gyp clean && rm -f fsevents.node && node-gyp rebuild && node-gyp clean",
"test": "/bin/bash ./test.sh 2>/dev/null",
"prepublishOnly": "npm run build"
},
"repository": {
"type": "git",
"url": "https://github.com/fsevents/fsevents.git"
},
"keywords": [
"fsevents",
"mac"
],
"contributors": [
{
"name": "Philipp Dunkel",
"email": "pip@pipobscure.com"
},
{
"name": "Ben Noordhuis",
"email": "info@bnoordhuis.nl"
},
{
"name": "Elan Shankar",
"email": "elan.shanker@gmail.com"
},
{
"name": "Miroslav Bajtoš",
"email": "mbajtoss@gmail.com"
},
{
"name": "Paul Miller",
"url": "https://paulmillr.com"
}
],
"license": "MIT",
"bugs": {
"url": "https://github.com/fsevents/fsevents/issues"
},
"homepage": "https://github.com/fsevents/fsevents",
"devDependencies": {
"node-gyp": "^6.1.0"
}
}
but package.json that is in registry
{
"name": "fsevents",
"version": "2.3.2",
"description": "Native Access to MacOS FSEvents",
"main": "fsevents.js",
"types": "fsevents.d.ts",
"os": [
"darwin"
],
"engines": {
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
},
"scripts": {
"clean": "node-gyp clean && rm -f fsevents.node",
"build": "node-gyp clean && rm -f fsevents.node && node-gyp rebuild && node-gyp clean",
"test": "/bin/bash ./test.sh 2>/dev/null",
"prepublishOnly": "npm run build",
"install": "node-gyp rebuild"
},
"repository": {
"type": "git",
"url": "git+https://github.com/fsevents/fsevents.git"
},
"keywords": [
"fsevents",
"mac"
],
"contributors": [
{
"name": "Philipp Dunkel",
"email": "pip@pipobscure.com"
},
{
"name": "Ben Noordhuis",
"email": "info@bnoordhuis.nl"
},
{
"name": "Elan Shankar",
"email": "elan.shanker@gmail.com"
},
{
"name": "Miroslav Bajtoš",
"email": "mbajtoss@gmail.com"
},
{
"name": "Paul Miller",
"url": "https://paulmillr.com"
}
],
"license": "MIT",
"bugs": {
"url": "https://github.com/fsevents/fsevents/issues"
},
"homepage": "https://github.com/fsevents/fsevents",
"devDependencies": {
"node-gyp": "^6.1.0"
},
"gypfile": true,
"gitHead": "a7f5d00939b74e141a73131468c4ce48ee0f2197",
"_id": "fsevents@2.3.2",
"_nodeVersion": "12.20.1",
"_npmVersion": "6.14.10",
"dist": {
"integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
"shasum": "8a526f78b8fdf4623b709e0b975c52c24c02fd1a",
"tarball": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
"fileCount": 6,
"unpackedSize": 156422,
"npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.13\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJgHVpKCRA9TVsSAnZWagAAJFMP/Ahi5vRQPbZHNkG+zric\n4/j4kF5XpaQvxCGy75GHF6rNNn7uM3FHjsmbfGjMfnvA+cSVCnbrbI45lhEX\nLWPTAPwb+Plxk9daosAj9IFqDyUFFewS/+dw5wRtP4zfCfa9jT9lsd7sMTee\nrrmWbMb2DLRexKeokZvoBj0RUKOMSHB2oD6/ITulCiD59kwJndxU+nV+NnUC\nycYJY2CQ+jLQQovBWtge5Qv7ur6woVkNmBstYoa/jNJy93GvY82Ka2Rk8oV5\nqPzKQCYqwIaOE0uc9ABb2gQGDvZShFDYtmHqDcsyss7eq23xbJyYM8LMZVgy\nDreGUzJQOMmd03gwoF8djwiWF8NXGZ8km37JbPaW4oIDkhgFB5YJu8jupUMj\ny0xMW2R2tpsrITu96OBWLPuY49rvqBKsH5mGokrsXGZ/J3o1JvNEfHauG3jz\nOlUhRD52hAN3aLyJeaOqXIvpbW/7YpStHYVWmfKv/b/ITa0hjSSIpZsaznSu\nGB/fwueHA3zhCoP55mKbn/tgimhOrA0Uo1dG431LOP9uCAnJzY+df1pBKYGl\nTvVQM5loC7GYutgOZsTuZHNcwTf8YHdm/MazIhVMT76nw/dD59iynAha069G\n9VOK8K0JUsQQwtOcfnd67qraZQeNkfwnS3ifUzMYeHoCESvPBcsAlmJpnnSs\nZn+o\r\n=klC1\r\n-----END PGP SIGNATURE-----\r\n",
"signatures": [
{
"keyid": "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA",
"sig": "MEQCIAmE0tbeuxfeRZFnkiDiyYRgeUlMARR0g+nyMEEu/yw/AiALoIySW1Z/q9ion4b8wWAXwO65q8J7sR9hGnkcbvnRSQ=="
}
]
},
"_npmUser": {
"name": "pipobscure",
"email": "pip@pipobscure.com"
},
"directories": {},
"maintainers": [
{
"name": "pipobscure",
"email": "pip@pipobscure.com"
},
{
"name": "paulmillr",
"email": "paul@paulmillr.com"
}
],
"_npmOperationalInternal": {
"host": "s3://npm-registry-packages",
"tmp": "tmp/fsevents_2.3.2_1612536393763_0.6823972486617933"
},
"_hasShrinkwrap": false
}
It only have prepublishOnly script to build not postInstall.
Read my message again and look at the provided link.
YN0032 docs do not indicate if this is a warning or error and is not printed when node-gyp is included.
It's printed as a warning during install
docker run --rm -it node:18.12.0 bash
cd $(mktemp -d)
yarn init -2
yarn set version 3.2.4
yarn add fsevents@2.3.2
[...]
➤ YN0000: ┌ Resolution step
➤ YN0032: │ fsevents@npm:2.3.2: Implicit dependencies on node-gyp are discouraged
➤ YN0061: │ @npmcli/move-file@npm:2.0.1 is deprecated: This functionality has been moved to @npmcli/fs
➤ YN0000: └ Completed in 3s 662ms
[...]
It seems that we are both correct (see my previus message comparing packag.json from npm vs tar)
yarn read package.json from npm to decide if node-gyp should be installed. fsevents intentions were to ship pre-build binary without node-gyp
https://github.com/fsevents/fsevents/pull/237
It seems that npm registry is lying ?
It seems that we are both correct (see my previus message comparing packag.json from npm vs tar)
We're aware they don't match hence my wording and the link I provided, this isn't the first time this comes up.
It seems that npm registry is lying ?
It's probably a bug.
ok, thanks for your time.
Self-service
Describe the bug
Generated lockfile for project with just rollup, have 922 lines and include node-gyp dependencies. node-gyp in devDependancy of fsevents and it should not be included in lockfile.
To reproduce
Resulted lockfile
to compare, npm lockfile have
Environment
Additional context
Only tested this with fsevents.