search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.44k stars 2.73k forks source link

Yarn installs wrong package version from github #6060

Open kesha-antonov opened 6 years ago

kesha-antonov commented 6 years ago

Hello!

In package.json I have dependency "mypackage": "kesha-antonov/mypackage". If I run yarn install it installs old version (not latest from master). If I run yarn upgrade --check-files it installs latest version from master. If I run again yarn install it installs old version.

I think it's bug. yarn install should install latest commit from master.

JoshuaRabiu commented 6 years ago

That's the expected behavior of yarn install. The reason being that the latest release of a package may have new/removed dependencies, which can cause your build to break. See this similar issue for more details: https://github.com/yarnpkg/yarn/issues/1978

kesha-antonov commented 6 years ago

Hello! @JoshuaScript

That's strange. It's my package. It doesn't have new deps. Just 1 line of code changed and it's still gets old version

JoshuaRabiu commented 6 years ago

@kesha-antonov I believe it installs the version specified in your yarn.lock or package.json, regardless if any dependencies have been modified, its a fail-safe of sorts.

kesha-antonov commented 6 years ago

@JoshuaScript yarn.lock has latest commit from github. If I run yarn upgrade --check-files it installs latest code (I can check it in node_modules). If I run yarn install it installs old code (!). Even when yarn.lock does have latest commit from github.

So it leads to unexpected bugs since the old code is used sometimes.

dasdeck commented 5 years ago

I too find this behavior highly irritating! Especially when I even specify a commit in the regular package.json, I expect yarn to install exactly that commit!

Cheers!

swrobel commented 5 years ago

I just ran into this in 1.17.3 and this is truly maddening behavior. The docs for yarn install specify that "If yarn.lock is present and is enough to satisfy all the dependencies listed in package.json, the exact versions recorded in yarn.lock are installed", and yet, despite yarn.lock having the right commit hash, it still installs an older version. yarn upgrade installs the correct version, even though yarn.lock isn't modified at all. What is going on here?!

possible dupe of: https://github.com/yarnpkg/yarn/issues/4722

johannessjoberg commented 4 years ago

Still present in 1.19.1. This need some attention! πŸ™

zaydek commented 4 years ago

It’s probably not good practice but this worked for me:

$ rm -rf node_modules yarn.lock
$ yarn

Basically purge node_modules and regenerate yarn.lock. This is probably not good practice.

Two things to note; this is slow and GitHub based dependencies appear to take longer to load (probably due to caching) than npm-based packages.

zaydek commented 4 years ago

It looks like the following works the same:

rm yarn.lock && yarn

Again, this is probably not good practice.

ghills commented 4 years ago

I ran into this as well (v1.19.1) even though I was explicitly setting a commit hash in package.json. The package contents were still coming from an older commit.

The dependency looked like:

"<package-name>": "<owner>/<package-name>#<hash>"
tairau commented 4 years ago

I have same issue with bootstrap "bootstrap": "twbs/bootstrap#9d50c6a18fcfd2e42ccc4e7b29d887c574bfadea"

macos catalina node - 13.8.0 yarn - 1.9.2

hotaryuzaki commented 3 years ago

i face the same issue, my github package always get an older version after yarn (or yarn install) get called. base on this https://github.com/yarnpkg/yarn/issues/4722, the solution is run yarn cache clean. then run rm -r node_modules && yarn now is works as expected

pistonsky commented 3 years ago

Same here. Whenever I install any new package I have to check my custom packages' files to ensure everything is correct. And it's not! yarn upgrade --check-files helps.

Shizuri commented 2 years ago

This issue persists in 2022.

brusherru commented 2 years ago

Just experienced the same issue on one of the machines (others are fine) while trying to yarn install after cloning Spacemeshos/Smapp repo.

In yarn.lock only semver package have a version 7.2.1 πŸ€”

yarn upgrade --check-files does not help as well.

Env:

Here are the logs:

alice ~/workspace/smapp develop $ yarn
yarn install v1.22.19
[1/4] πŸ”  Resolving packages...
[2/4] 🚚  Fetching packages...
[1/4] πŸ”  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] πŸ”—  Linking dependencies...
warning " > @continuous-auth/semantic-release-npm@2.0.0" has unmet peer dependency "semantic-release@>=15.9.0 <16.0.0".
warning " > spec-xunit-file@0.0.1-3" has unmet peer dependency "mocha@>=1.7.0".
[4/4] πŸ”¨  Building fresh packages...
[2/2] β   electron
error /Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/electron: Command failed.
Exit code: 1
Command: node install.js
Arguments:
Directory: /Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/electron
Output:
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

GotError [HTTPError]: Response code 404 (Not Found) for https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip
    at EventEmitter.<anonymous> (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/as-stream.js:35:24)
    at EventEmitter.emit (node:events:537:28)
    at module.exports (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/get-response.js:22:10)
    at ClientRequest.handleResponse (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/got/source/request-as-event-emitter.js:155:5)
    at Object.onceWrapper (node:events:652:26)
    at ClientRequest.emit (node:events:549:35)
    at origin.emit (/Users/alice/Library/Caches/Yarn/v6/.tmp/87cd208322c666ac5b5d0473c4474f55.31bf8632c32dd6a714b00289708c012a06741fd7.prepare/node_modules/@szmarczak/http-timer/source/index.js:37:11)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:642:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:117:17)
    at TLSSocket.socketOnData (node:_http_client:505:22) {
  host: 'github.com',
  hostname: 'github.com',
  method: 'GET',
  path: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
  socketPath: undefined,
  protocol: 'https:',
  url: 'https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
  gotOptions: {
    path: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
    protocol: 'https:',
    slashes: true,
    auth: null,
    host: 'github.com',
    port: null,
    hostname: 'github.com',
    hash: null,
    search: null,
    query: null,
    pathname: '/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
    href: 'https://github.com/electron/electron/releases/download/v7.2.1/electron-v7.2.1-darwin-arm64.zip',
    retry: {
      retries: [Function (anonymous)],
      methods: Set(6) { 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' },
      statusCodes: Set(7) { 408, 413, 429, 500, 502, 503, 504 },
      errorCodes: Set(8) {
        'ETIMEDOUT',
        'ECONNRESET',
        'EADDRINUSE',
        'ECONNREFUSED',
        'EPIPE',
        'ENOTFOUND',
        'ENETUNREACH',
        'EAI_AGAIN'
      }
    },
    headers: {
      'user-agent': 'got/9.6.0 (https://github.com/sindresorhus/got)',
      'accept-encoding': 'gzip, deflate'
    },
    hooks: {
      beforeRequest: [],
      beforeRedirect: [],
      beforeRetry: [],
      afterResponse: [],
      beforeError: [],
      init: []
    },
    decompress: true,
    throwHttpErrors: true,
    followRedirect: true,
    stream: true,
    form: false,
    json: false,
    cache: false,
    useElectronNet: false,
    method: 'GET'
  },
  statusCode: 404,
  statusMessage: 'Not Found',
  headers: {
    server: 'GitHub.com',
    date: 'Wed, 13 Jul 2022 10:34:24 GMT',
    'content-type': 'text/plain; charset=utf-8',
    vary: 'X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With',
    'permissions-policy': 'interest-cohort=()',
    'cache-control': 'no-cache',
    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
    'x-frame-options': 'deny',
    'x-content-type-options': 'nosniff',
    'x-xss-protection': '0',
    'referrer-policy': 'no-referrer-when-downgrade',
    'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
    'content-security-policy': "default-src 'none'; base-uri 'self'; connect-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline'",
    'content-encoding': 'gzip',
    'transfer-encoding': 'chunked',
    'x-github-request-id': 'FFCC:4C19:9D72C6:A72A38:62CE9FAF',
    connection: 'close'
  },
  body: undefined
}
chiefmikey commented 1 year ago

i face the same issue, my github package always get an older version after yarn (or yarn install) get called. base on this #4722, the solution is run yarn cache clean. then run rm -r node_modules && yarn now is works as expected

I migrated machines recently and suddenly had a similar issue with yarn installing package versions that were newer than what was in the existing yarn.lock, which was not acceptable since it was an org repo at my job. Clearing the yarn cache and doing a fresh yarn install completely solved the issue. Thank you @hotaryuzaki for helping me stay sane.