search

yarnpkg / yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
https://classic.yarnpkg.com
Other
41.37k stars 2.72k forks source link

[Bug?]: No integrity field for dependancies from git links #8981

Open fastchain opened 10 months ago

fastchain commented 10 months ago

Self-service

Describe the bug

Hello, After a git link was added as dependency, there is no "integrity" data in yarn.lock file:

"@nomiclabs/hardhat-waffle@^2.0.1":
  version "2.0.3"
  resolved "https://registry.npmjs.org/@nomiclabs/hardhat-waffle/-/hardhat-waffle-2.0.3.tgz"
  integrity sha512-049PHSnI1CZq6+XTbrMbMv5NaL7cednTfPenx02k3cEh8wBMLa6ys++dBETJa6JjfwgA9nBhhHQ173LJv6k2Pg==
  dependencies:
    "@types/sinon-chai" "^3.2.3"
    "@types/web3" "1.0.19"

"@openzeppelin/contracts-upgradeable@https://gitpkg.now.sh/OpenZeppelin/openzeppelin-contracts-upgradeable/contracts?master":
  version "4.9.2"
  resolved "https://gitpkg.now.sh/OpenZeppelin/openzeppelin-contracts-upgradeable/contracts?master#14799b874affa7a27c42ee65dc9269917c013f85"

"@openzeppelin/contracts@^4.9.3":
  version "4.9.3"
  resolved "https://registry.yarnpkg.com/@openzeppelin/contracts/-/contracts-4.9.3.tgz#00d7a8cf35a475b160b3f0293a6403c511099364"
  integrity sha512-He3LieZ1pP2TNt5JbkPA4PNT9WC3gOTOlDcFGJW4Le4QKqwmiNJCRt44APfxMxvq7OugU/cqYuPcSBzOw38DAg==

To reproduce

  1. Run yarn add 'https://gitpkg.now.sh/OpenZeppelin/openzeppelin-contracts-upgradeable/contracts?master'
  2. Run cat yarn.lock | grep openzeppelin/contracts-upgradeable -A3

Environment

Docker container 

FROM node:16.17.1-bullseye
RUN apt-get update --fix-missing && apt-get install jq -y && apt-get install npm -y
yarn dlx -q envinfo --preset jest

error Command "dlx" not found.


### Additional context

_No response_