yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

Doesn't install valid dependency version when the dependency is included in multiple dependency sets in package.json #3181

Open spencer-brown opened 7 years ago

spencer-brown commented 7 years ago

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

Yarn seems to only detect one of the entries in a dependency's package.json when determining which dependency versions to specify during yarn.lock generation.

If the current behavior is a bug, please provide the steps to reproduce.

  1. Clone https://github.com/spencer-brown/yarn-poet-2.0.2-bug.
  2. Observe that yarn check fails with error "poet#jade#uglify-js@^2.4.19" doesn't satisfy found match of "uglify-js@2.2.5"

Taking a closer look, yarn.lock only specifies uglify-js@~2.2.5 per transformers's uglify-js dependency. node_modules/jade/package.json specifies "uglify-js": "*" in devDependencies but "uglify-js": "^2.4.19" in dependencies, so we'd expect ^2.4.19 to be satisfied in yarn.lock, but it is not.

My guess is that the yarn.lock-generation does not take multiple dependency versions into account, but yarn check does (or the ordering is just lucky in yarn check to catch the issue).

What is the expected behavior?

Yarn installs multiple versions of uglify-js in order to satisfy both transformers and jade.

Please mention your node.js, yarn and operating system version.

spencer-brown commented 7 years ago

In the meantime, I've solved this for poet by forking poet and jade and tweaking jade's package.json: https://github.com/mixmaxhq/poet-yarn-compatible.
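
The conflict described in this report can be detected from a manifest and the resolved versions; the following is an added example, not code from the issue or from yarn. The function names (`satisfies`, `auditManifest`) and the sample objects are hypothetical, and the range check covers only the range forms quoted in the report, not full semver.

```javascript
// Minimal range check for the forms in this report only: *, exact, ~x.y.z, ^x.y.z.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function satisfies(version, range) {
  if (range === '*') return true;
  const caretOrTilde = /^[~^]/.test(range);
  const v = parse(version);
  const base = parse(caretOrTilde ? range.slice(1) : range);
  if (!caretOrTilde) return cmp(v, base) === 0;
  let upper; // exclusive upper bound of the range
  if (range[0] === '~' || (base[0] === 0 && base[1] > 0)) upper = [base[0], base[1] + 1, 0];
  else if (base[0] > 0) upper = [base[0] + 1, 0, 0];
  else upper = [0, 0, base[2] + 1];
  return cmp(v, base) >= 0 && cmp(v, upper) < 0;
}

// Flag dependencies listed in both `dependencies` and `devDependencies` with
// different ranges, and check the resolved version against the runtime range.
function auditManifest(manifest, resolved) {
  const deps = manifest.dependencies || {};
  const dev = manifest.devDependencies || {};
  return Object.keys(deps)
    .filter((name) => dev[name] !== undefined && dev[name] !== deps[name])
    .map((name) => ({
      parent: manifest.name, name,
      runtimeRange: deps[name], devRange: dev[name],
      resolved: resolved[name],
      ok: resolved[name] !== undefined && satisfies(resolved[name], deps[name]),
    }));
}

// Constructed sample mirroring the report: jade lists uglify-js in both sets,
// and the lockfile holds only the 2.2.5 match made for transformers' "~2.2.5".
const jade = {
  name: 'jade',
  dependencies: { 'uglify-js': '^2.4.19' },
  devDependencies: { 'uglify-js': '*' },
};
const lockResolved = { 'uglify-js': '2.2.5' };

console.log(auditManifest(jade, lockResolved));
```

An entry with `ok: false` means the locked version was resolved against something other than the range the package needs at runtime, which is the mismatch `yarn check` reports here.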