yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com

[Bug?]: @angular-devkit/build-angular causes yarn audit to fail #8656

Open JosiahOne opened 3 years ago

JosiahOne commented 3 years ago

Describe the bug

Recently we discovered that a previously fine package.json would fail to yarn audit (using Yarn v1.22.5). After applying delta debugging to minimize the test case, I determined that a package.json containing only a "@angular-devkit/build-angular": "^0.1102.14" devDependency was adequate to cause yarn audit to fail.

Specifically, running rm yarn.lock; yarn install; yarn audit yields:

yarn install v1.22.5
info No lockfile found.
[1/4] 🔍  Resolving packages...
warning @angular-devkit/build-angular > webpack-dev-server > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning @angular-devkit/build-angular > webpack-dev-server > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning @angular-devkit/build-angular > stylus > css-parse > css > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @angular-devkit/build-angular > stylus > css-parse > css > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @angular-devkit/build-angular > webpack-dev-middleware > webpack-log > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @angular-devkit/build-angular > webpack-dev-server > sockjs > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @angular-devkit/build-angular > webpack-dev-server > url > querystring@0.2.0: The
warning @angular-devkit/build-angular > webpack > watchpack > watchpack-chokidar2 > chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
warning @angular-devkit/build-angular > stylus > css-parse > css > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
warning " > @angular-devkit/build-angular@0.1102.14" has unmet peer dependency "@angular/compiler-cli@^11.0.0 || ^11.2.0-next".
warning " > @angular-devkit/build-angular@0.1102.14" has unmet peer dependency "typescript@~4.0.0 || ~4.1.0".
warning "@angular-devkit/build-angular > @ngtools/webpack@11.2.14" has unmet peer dependency "@angular/compiler-cli@^11.0.0 || ^11.2.0-next".
warning "@angular-devkit/build-angular > @ngtools/webpack@11.2.14" has unmet peer dependency "typescript@~4.0.0 || ~4.1.0".
[4/4] 🔨  Building fresh packages...
success Saved lockfile.
✨  Done in 21.83s.
yarn audit v1.22.5
error An unexpected error occurred: "https://registry.yarnpkg.com/-/npm/v1/security/audits: socket hang up".
info If you think this is a bug, please open a bug report with the information provided in "/Users/jbruner/src/example-yarn-package/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/audit for documentation about this command.

I've attached the yarn-error.log file. The primary error is:

Trace:
  Error: https://registry.yarnpkg.com/-/npm/v1/security/audits: socket hang up
      at connResetException (node:internal/errors:683:14)
      at TLSSocket.socketOnEnd (node:_http_client:471:23)
      at TLSSocket.emit (node:events:377:35)
      at endReadableNT (node:internal/streams/readable:1312:12)
      at processTicksAndRejections (node:internal/process/task_queues:83:21)

Rarely, but on occasion I instead get:

Trace:
  Error: write EPIPE
      at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:94:16)

To reproduce

Create a package.json containing:

{
  "devDependencies": {
    "@angular-devkit/build-angular": "^0.1102.14"
  }
}

Then run yarn policies set-version 1.22.5; rm yarn.lock; yarn install; yarn audit.

Expected: standard yarn audit output

Actual: See above

Environment

System:

macOS 11.4

Hardware Overview:

  Model Name:   MacBook Pro
  Model Identifier: MacBookPro15,2
  Processor Name:   Quad-Core Intel Core i5
  Processor Speed:  2.3 GHz
  Number of Processors: 1
  Total Number of Cores:    4
  L2 Cache (per Core):  256 KB
  L3 Cache: 6 MB
  Hyper-Threading Technology:   Enabled
  Memory:   16 GB
  System Firmware Version:  1554.120.19.0.0 (iBridge: 18.16.14663.0.0,0)

Binaries:

which node
/usr/local/bin/node
➜  example-yarn-package git:(master) ✗ node -v
v16.1.0
➜  example-yarn-package git:(master) ✗ which yarn
/usr/local/bin/yarn
➜  example-yarn-package git:(master) ✗ yarn -v
1.22.5
➜  example-yarn-package git:(master) ✗ which npm
/usr/local/bin/npm
➜  example-yarn-package git:(master) ✗ npm -v
7.11.2

Additional context

No response

JosiahOne commented 3 years ago

Interestingly, if you don't yarn install (just delete yarn.lock and node_modules, then yarn audit) things work fine.
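
A CI gate that fails closed on the error quoted in this report, added here as an example; it is not part of the issue thread or of yarn. It classifies captured `yarn audit` output so that "the audit never ran" is not mistaken for a pass. The function names, the sample counts and the `N vulnerabilities found` summary format are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): classify captured `yarn audit` output.

# classify_audit: reads audit output on stdin and prints one of
#   audit-did-not-run | findings | clean | unknown
classify_audit() (
  out=$(cat)
  # "error An unexpected error occurred" is the line yarn printed in the
  # report above when the request to the audits endpoint hung up.
  if printf '%s\n' "$out" | grep -E '^error An unexpected error occurred' >/dev/null; then
    echo audit-did-not-run
  else
    # Assumption: a completed yarn v1 audit prints "<N> vulnerabilities found".
    n=$(printf '%s\n' "$out" | sed -nE 's/^([0-9]+) vulnerabilities found.*/\1/p' | head -n 1)
    if [ -z "$n" ]; then
      echo unknown            # no summary line: nothing proves an audit happened
    elif [ "$n" -eq 0 ]; then
      echo clean
    else
      echo findings
    fi
  fi
)

# gate: exit status for CI. 0 only when the audit completed with no findings;
# 1 for findings; 2 when the audit did not complete (fail closed, retry later).
gate() {
  case "$(classify_audit)" in
    clean)    return 0 ;;
    findings) return 1 ;;
    *)        return 2 ;;
  esac
}

# Constructed samples. The error line is copied from the report; the
# summary lines and their counts are made up for illustration.
sample_failed() {
  printf '%s\n' 'yarn audit v1.22.5' \
    'error An unexpected error occurred: "https://registry.yarnpkg.com/-/npm/v1/security/audits: socket hang up".'
}
sample_clean()    { printf '%s\n' 'yarn audit v1.22.5' '0 vulnerabilities found - Packages audited: 1400'; }
sample_findings() { printf '%s\n' 'yarn audit v1.22.5' '3 vulnerabilities found - Packages audited: 1400'; }
```

In a pipeline, `yarn audit 2>&1 | gate` gives status 2 for the failure shown in this report, which a job can use to retry or alert instead of passing the build.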