search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.4k stars 2.73k forks source link

Lock File Points to Non-existent Package Version #3935

Open smcguinness opened 7 years ago

smcguinness commented 7 years ago

Do you want to request a feature or report a bug? Bug

What is the current behavior? yarn add json2csv or yarn add json2csv@3.9.0 -E

Yarn installed package.json in node_modules

{
  "name": "json2csv",
  "preferGlobal": "true",
  "version": "3.9.1",
  "description": "Convert JSON to CSV",
  "keywords": [
    "json",
    "to",
    "csv",
    "export",
    "convert",
    "parse"
  ],
  "author": {
    "name": "Mirco Zeiss",
    "email": "mirco.zeiss@gmail.com",
    "twitter": "zeMirco"
  },
  "license": "MIT",
  "bin": {
    "json2csv": "./bin/json2csv.js"
  },
  "main": "./lib/json2csv.js",
  "repository": {
    "type": "git",
    "url": "https://github.com/zemirco/json2csv"
  },
  "scripts": {
    "build": "webpack",
    "test": "node test | tap-spec",
    "test-coverage": "istanbul cover test/index.js --report lcovonly | tap-spec",
    "deploy:docs": "docpress b && git-update-ghpages zemirco/json2csv _docpress",
    "prepublish": "in-publish && npm run before:publish || not-in-publish",
    "before:publish": "npm test && npm run build && npm run deploy:docs && npm run release",
    "release": "standard-version"
  },
  "dependencies": {
    "cli-table": "^0.3.1",
    "commander": "^2.8.1",
    "debug": "^2.2.0",
    "flat": "^2.0.0",
    "lodash.flatten": "^4.4.0",
    "lodash.get": "^4.4.0",
    "lodash.set": "^4.3.0",
    "lodash.uniq": "^4.5.0",
    "lodash.clonedeep": "^4.5.0",
    "path-is-absolute": "^1.0.0"
  },
  "devDependencies": {
    "async": "^2.0.1",
    "docpress": "^0.7.0",
    "eslint": "^3.3.1",
    "git-update-ghpages": "^1.3.0",
    "in-publish": "^2.0.0",
    "istanbul": "^0.4.3",
    "standard-version": "^4.0.0",
    "tap-spec": "^4.1.0",
    "tape": "^4.0.0",
    "webpack": "^1.13.1"
  }
}

yarn.lock

json2csv@3.9.0:
  version "3.9.1"
  resolved "https://registry.yarnpkg.com/json2csv/-/json2csv-3.9.0.tgz#4cd460f31b47817e1732268e21082fc37b1483da"
  dependencies:
    cli-table "^0.3.1"
    commander "^2.8.1"
    debug "^2.2.0"
    flat "^2.0.0"
    lodash.clonedeep "^4.5.0"
    lodash.flatten "^4.4.0"
    lodash.get "^4.4.0"
    lodash.set "^4.3.0"
    lodash.uniq "^4.5.0"
    path-is-absolute "^1.0.0"

What is the expected behavior? The json2csv@3.9.1 does not exist and has never existed as of this date. The resulting install and generated lock file fails yarn check, however the correct package is installed in node_modules.

Please mention your node.js, yarn and operating system version.

MacOS Sierra
node version: 4.8.4
yarn version: 0.27.5
arcanis commented 7 years ago

The package.json located inside json2csv contains "version": 3.9.1. Something should probably be done on Yarn's side to deal with this sort of case, but the issue should primilarly be adressed by json2csv's maintainers.