Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

To avoid breaking the internet, use strong dependency versioning #3853

Closed
jdbevan opened this issue Jul 7, 2017 · 5 comments · Fixed by #3866
Closed

To avoid breaking the internet, use strong dependency versioning #3853

jdbevan opened this issue Jul 7, 2017 · 5 comments · Fixed by #3866
Labels
good first issue triaged

Comments

@jdbevan
Copy link

jdbevan commented Jul 7, 2017
edited
Loading

Do you want to request a feature or report a bug?
Bug

What is the current behavior?
When installing yarn via npm (which I know is not the official way but is still in significant usage) the install can break if a dependency releases a patch or minor change. See #3850, #3851 and omnidan/node-emoji#45

Given that part of the point of using yarn is to avoid this kind of problem, it would be nice if yarn did actually avoid this kind of problem :)

If the current behavior is a bug, please provide the steps to reproduce.
Release a broken patch or minor release of a dependency, install yarn via npm

What is the expected behavior?
Yarn installs successfully

Please mention your node.js, yarn and operating system version.
OS agnostic
Node agnostic
Yarn >= 0.24.0
@jdbevan jdbevan changed the title To avoid breaking the internet, use string dependency versioning To avoid breaking the internet, use strong dependency versioning Jul 7, 2017
@MikeN123
Copy link

MikeN123 commented Jul 7, 2017

Yarn 0.21.3 broke as well, with a different error.

@hbeachey
Copy link

hbeachey commented Jul 7, 2017

Any version (we had all the way back to 0.16.1) which depend on the updating package breaks. Not sure previous versions really need the fix, but it's something to mention.

@theiawolfe theiawolfe mentioned this issue Jul 7, 2017
Closed
@bestander bestander mentioned this issue Jul 7, 2017
Closed
@bestander
Copy link
Member

As described here #3854 (comment).

We need to publish only the single-file-build yarn.js to npm.
Looking forward for a PR

@Daniel15
Copy link
Member

Daniel15 commented Jul 7, 2017

We need to publish only the single-file-build yarn.js to npm.

Publishing the dist directory after running scripts/build-dist.sh should be sufficient, we'd just need to have a modified package.json that removes all dependencies (since we'd no longer need any of the dependencies).

This was referenced Jul 7, 2017
Closed
Merged
@Daniel15
Copy link
Member

Daniel15 commented Jul 9, 2017

#3866

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue triaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Publish tarball with single JS file build to npm Daniel15/yarn
5 participants
@Daniel15 @MikeN123 @jdbevan @bestander @hbeachey