Recently we discovered that a previously fine package.json would fail to yarn audit (using Yarn v1.22.5). After applying delta debugging to minimize the test case, I determined that a package.json containing only a "@angular-devkit/build-angular": "^0.1102.14" devDependency was adequate to cause yarn audit to fail.
yarn install v1.22.5
info No lockfile found.
[1/4] 🔍 Resolving packages...
warning @angular-devkit/build-angular > webpack-dev-server > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning @angular-devkit/build-angular > webpack-dev-server > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning @angular-devkit/build-angular > stylus > css-parse > css > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @angular-devkit/build-angular > stylus > css-parse > css > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @angular-devkit/build-angular > webpack-dev-middleware > webpack-log > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning @angular-devkit/build-angular > webpack-dev-server > sockjs > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
warning @angular-devkit/build-angular > webpack-dev-server > url > querystring@0.2.0: The
warning @angular-devkit/build-angular > webpack > watchpack > watchpack-chokidar2 > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning @angular-devkit/build-angular > stylus > css-parse > css > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
[2/4] 🚚 Fetching packages...
[3/4] 🔗 Linking dependencies...
warning " > @angular-devkit/build-angular@0.1102.14" has unmet peer dependency "@angular/compiler-cli@^11.0.0 || ^11.2.0-next".
warning " > @angular-devkit/build-angular@0.1102.14" has unmet peer dependency "typescript@~4.0.0 || ~4.1.0".
warning "@angular-devkit/build-angular > @ngtools/webpack@11.2.14" has unmet peer dependency "@angular/compiler-cli@^11.0.0 || ^11.2.0-next".
warning "@angular-devkit/build-angular > @ngtools/webpack@11.2.14" has unmet peer dependency "typescript@~4.0.0 || ~4.1.0".
[4/4] 🔨 Building fresh packages...
success Saved lockfile.
✨ Done in 21.83s.
yarn audit v1.22.5
error An unexpected error occurred: "https://registry.yarnpkg.com/-/npm/v1/security/audits: socket hang up".
info If you think this is a bug, please open a bug report with the information provided in "/Users/jbruner/src/example-yarn-package/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/audit for documentation about this command.
I've attached the yarn-error.log file. The primary error is:
Trace:
Error: https://registry.yarnpkg.com/-/npm/v1/security/audits: socket hang up
at connResetException (node:internal/errors:683:14)
at TLSSocket.socketOnEnd (node:_http_client:471:23)
at TLSSocket.emit (node:events:377:35)
at endReadableNT (node:internal/streams/readable:1312:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
Rarely, but on occasion I instead get:
Trace:
Error: write EPIPE
at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)
Self-service
Describe the bug
Recently we discovered that a previously fine package.json would fail to yarn audit (using Yarn v1.22.5). After applying delta debugging to minimize the test case, I determined that a package.json containing only a "@angular-devkit/build-angular": "^0.1102.14" devDependency was adequate to cause yarn audit to fail.
Specifically, running rm yarn.lock; yarn install; yarn audit yields:
I've attached the yarn-error.log file. The primary error is:
Rarely, but on occasion I instead get:
To reproduce
Create a package.json containing:
Then run yarn policies set-version 1.22.5; rm yarn.lock; yarn install; yarn audit.
Expected: standard yarn audit output
Actual: See above
Environment
System:
Binaries:
Additional context
No response
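The report mentions delta debugging the package.json down to a single devDependency. The sketch below is an added example, not part of the original report and not the reporter's actual procedure: it reduces a devDependencies map with a ddmin-style search, using the audit crash as the oracle. All function names are hypothetical, and it assumes `yarn` is on the PATH and the registry is reachable.

```javascript
// Added example: ddmin-style reduction of a devDependencies list.
// Function names are hypothetical; only `yarn install` / `yarn audit`
// and the matched error text come from the report.

// Shrink `items` while fails(subset) stays true. Assumes fails(items) is true.
function ddmin(items, fails) {
  let n = 2; // current number of chunks
  while (items.length >= 2) {
    const size = Math.ceil(items.length / n);
    const chunks = [];
    for (let i = 0; i < items.length; i += size) chunks.push(items.slice(i, i + size));
    // Try each chunk alone first, then each complement (all but one chunk).
    let next = chunks.find((c) => fails(c));
    let nextN = 2;
    if (!next) {
      const rests = chunks.map((_, i) => chunks.filter((_, j) => j !== i).flat());
      next = rests.find((r) => fails(r));
      nextN = Math.max(n - 1, 2);
    }
    if (next) { items = next; n = nextN; continue; }
    if (n >= items.length) break; // already at single-item granularity
    n = Math.min(items.length, n * 2);
  }
  return items;
}

// yarn v1 audit exits non-zero whenever advisories are found, so the exit
// status cannot identify the crash; match the error text instead.
function isAuditCrash(output) {
  return /An unexpected error occurred/.test(output);
}

// Oracle: write a throwaway package.json with only `names`, install, audit.
function auditCrashes(names, versions) {
  const fs = require("fs"), os = require("os"), path = require("path");
  const { spawnSync } = require("child_process");
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "audit-min-"));
  const devDependencies = Object.fromEntries(names.map((d) => [d, versions[d]]));
  const pkg = { name: "repro", version: "0.0.0", private: true, devDependencies };
  fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(pkg));
  spawnSync("yarn", ["install"], { cwd: dir, encoding: "utf8" });
  const r = spawnSync("yarn", ["audit"], { cwd: dir, encoding: "utf8" });
  return isAuditCrash(`${r.stdout}${r.stderr}`);
}

// Entry point: pass a parsed package.json; `fails` can be swapped for testing.
function minimizeDevDeps(pkg, fails = auditCrashes) {
  const versions = pkg.devDependencies || {};
  return ddmin(Object.keys(versions), (subset) => fails(subset, versions));
}
```

Because the failure is a network-level error, an oracle used in practice should rerun a crashing subset once or twice before accepting it, so that an unrelated transient connection reset does not steer the search.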