Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yarn install --frozen-lockfile exits with error, but yarn install does nothing afterwards #4778

Closed
kompot opened this issue Oct 25, 2017 · 8 comments · Fixed by #4793
Closed

yarn install --frozen-lockfile exits with error, but yarn install does nothing afterwards #4778

kompot opened this issue Oct 25, 2017 · 8 comments · Fixed by #4793
Assignees
@kaylie-alexa
Labels
cat-bug high-priority triaged

Comments

@kompot
Copy link

kompot commented Oct 25, 2017

Do you want to request a feature or report a bug?
Bug

What is the current behavior?

  1. Run yarn install with package.json present and no yarn.lock present.
  2. Immediately after run yarn install --frozen-lockfile
  3. Errors states that error Your lockfile needs to be updated, but yarn was run with --frozen-lockfile.
  4. Run yarn install again - no changes are made to yarn.lock

If the current behavior is a bug, please provide the steps to reproduce.

https://github.com/kompot/yarn-frozen-lockfile-bug

What is the expected behavior?
yarn install should fix yarn.lock so that it's up-to-date OR yarn --frozen-lockfile should not fail

Please mention your node.js, yarn and operating system version.
macOS 10.12.6
yarn 1.2.1
node 6.11
@rally25rs
Copy link
Contributor

From a quick glance, it looks like for some reason Yarn is reporting that babel-runtime@^6.26.0 is a missing pattern in the lockfile, but that pattern does exist:

[email protected], [email protected], babel-runtime@^6.11.6, babel-runtime@^6.18.0, babel-runtime@^6.22.0, babel-runtime@^6.23.0, babel-runtime@^6.26.0, babel-runtime@^6.5.0, babel-runtime@^6.9.2:
  version "6.26.0"
  resolved "https://registry.yarnpkg.com/babel-runtime/-/babel-runtime-6.26.0.tgz#965c7058668e82b55d7bfe04ff2337bc8b5647fe"
  dependencies:
    core-js "^2.4.0"
    regenerator-runtime "^0.11.0"

I'll continue digging in ...

@rally25rs
Copy link
Contributor

More research notes:

It looks like what happens is that:

  • the lockfile is loaded and includes babel-runtime@^6.26.0

  • PackageResolver.resolveToResolution() removes a lot of entries from the lockfile, including babel-runtime@^6.26.0

  resolveToResolution(req: DependencyRequestPattern): ?DependencyRequestPattern {
    const {parentNames, pattern} = req;

    if (!parentNames || this.flat) {
      return req;
    }

    const resolution = this.resolutionMap.find(pattern, parentNames);

    if (resolution) {
      const resolutionManifest = this.getResolvedPattern(resolution);

      if (resolutionManifest) {
        invariant(resolutionManifest._reference, 'resolutions should have a resolved reference');
        resolutionManifest._reference.patterns.push(pattern);
        this.addPattern(pattern, resolutionManifest);
        this.lockfile.removePattern(pattern);
      } else {
        this.resolutionMap.addToDelayQueue(req);
      }
      return null;
    }

    return req;
  }

  • Then Yarn decides it needs to add babel-runtime@^6.26.0 back to the lockfile.

  • The --frozen-lockfile flag prevents this re-addition of babel-runtime@^6.26.0

This is because the package.json contains a resolution for babel-runtime:

  "resolutions": {
    "warning": "^3.0.0",
    "babel-runtime": "^6.26.0"
  }

If you delete the babel-runtime resolution, then yarn install --frozen-lockfile runs fine.

Summary: looks like a bug in the interaction between "resolutions" and frozen-lockfile.

@kaylie-alexa kaylie-alexa self-assigned this Oct 25, 2017
@kaylie-alexa kaylie-alexa mentioned this issue Oct 28, 2017
Merged
@BYK BYK closed this as completed in #4793 Oct 31, 2017
BYK pushed a commit that referenced this issue Oct 31, 2017
@BYK
fix(resolver): Fix --frozen-lockfile flag with duplicate top level re…
4e75cb9 
…solution (#4793)

**Summary**

Fixes #4778.

In this particular issue, the same pattern `babel-runtime@^6.26.0` was [defined in both devDependencies](https://github.com/kompot/yarn-frozen-lockfile-bug/blob/master/package.json#L80) and [resolutions field](https://github.com/kompot/yarn-frozen-lockfile-bug/blob/master/package.json#L130). Since resolutions feature was only intended for nested dependencies, it previously didn't take into account when the same exact pattern existed as a top level dependency. And it happens so that after the package resolver phase, [integrity checker looks at top level patterns](https://github.com/yarnpkg/yarn/blob/master/src/integrity-checker.js#L364-L367), so install failed.

The solution was to add top level raw patterns to resolutions map, and only remove them if they're transitive patterns

**Test plan**

Added a new test case in resolutions

*BEFORE*
<img width="618" alt="screen shot 2017-10-28 at 11 07 52 am" src="https://user-images.githubusercontent.com/18429494/32137218-621a19b8-bbd0-11e7-87a3-4acd43a44a69.png">

*AFTER*
<img width="538" alt="screen shot 2017-10-28 at 11 10 13 am" src="https://user-images.githubusercontent.com/18429494/32137229-9b828f1e-bbd0-11e7-90a2-1464c28fcab4.png">
calvinhuang pushed a commit to calvinhuang/yarn that referenced this issue Nov 9, 2017
@terra-incognita
fix(resolver): Fix --frozen-lockfile flag with duplicate top level re…
d34a917 
…solution (yarnpkg#4793)

**Summary**

Fixes yarnpkg#4778.

In this particular issue, the same pattern `babel-runtime@^6.26.0` was [defined in both devDependencies](https://github.com/kompot/yarn-frozen-lockfile-bug/blob/master/package.json#L80) and [resolutions field](https://github.com/kompot/yarn-frozen-lockfile-bug/blob/master/package.json#L130). Since resolutions feature was only intended for nested dependencies, it previously didn't take into account when the same exact pattern existed as a top level dependency. And it happens so that after the package resolver phase, [integrity checker looks at top level patterns](https://github.com/yarnpkg/yarn/blob/master/src/integrity-checker.js#L364-L367), so install failed.

The solution was to add top level raw patterns to resolutions map, and only remove them if they're transitive patterns

**Test plan**

Added a new test case in resolutions

*BEFORE*
<img width="618" alt="screen shot 2017-10-28 at 11 07 52 am" src="https://user-images.githubusercontent.com/18429494/32137218-621a19b8-bbd0-11e7-87a3-4acd43a44a69.png">

*AFTER*
<img width="538" alt="screen shot 2017-10-28 at 11 10 13 am" src="https://user-images.githubusercontent.com/18429494/32137229-9b828f1e-bbd0-11e7-90a2-1464c28fcab4.png">
@MhMadHamster MhMadHamster mentioned this issue Mar 25, 2018
Merged
@DavideDaniel DavideDaniel mentioned this issue May 19, 2018
Closed
@BruceHubbard
Copy link

Just an FYI for anyone else that hits this problem. For us it was because we had the same package listed in devDependencies and resolutions in the root package.json with different version numbers (forgot to update the devDependency). I didn't find this out until I ran through the yarn source code and put a console.log in this section:

      var match = yield this.integrityChecker.check(patterns, lockfileCache, this.flags, workspaceLayout);
      console.log('missingPatterns', match.missingPatterns)
      if (this.flags.frozenLockfile && (!lockfileClean || match.missingPatterns.length > 0)) {
        throw new (_errors || _load_errors()).MessageError(this.reporter.lang('frozenLockfileError'));
      }

That then clued us in to where to look. Maybe we should improve the frozen lockfile error message to include why it failed?

@gaearon
Copy link
Contributor

gaearon commented Nov 11, 2019

@BruceHubbard Omg thanks for this

@BruceHubbard
Copy link

@gaearon Sure thing, glad it helped someone.

@kmcb777 kmcb777 mentioned this issue Mar 3, 2020
Merged
@kelset
Copy link

kelset commented Jun 19, 2020

I know this has been closed for a long time, but just wanted to +1 @BruceHubbard for the explanation of why this behaviours happens - just happened to me with 1.22.4. It was because in the package.json file there was a resolution on a different version of the one defined in dependencies and yarn can't seem to surface that error correctly but instead only kind of "interctly notices it" when doing a frozen install.

@brmc
Copy link

brmc commented Feb 16, 2021

ditto on thanking @BruceHubbard

@MichaelJCole
Copy link

FYI, "optionalDependencies" in package.json triggered this issue for me. Removing them from package.json fixed the problem.

@yarnpkg yarnpkg locked as resolved and limited conversation to collaborators Jun 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@kaylie-alexa kaylie-alexa

Labels
cat-bug high-priority triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(resolver): Fix --frozen-lockfile flag with duplicate top level resolution kaylie-alexa/yarn
9 participants
@rally25rs @BYK @BruceHubbard @kompot @gaearon @brmc @MichaelJCole @kelset @kaylie-alexa