-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn install won't install the sub-dependencies of private git dependencies #6677
Comments
Could you make a minimal sample project? I use GitHub references a lot and I've never run into this issue. Not sure if it's specific to GitLab or also happens with GitHub? |
I am experiencing this as well for a private Git repo. I have ESLint listed as a dependency in my project's package.json as well as in the package.json for the Git repo dependency. After running
and a yarn-lock file is not generated. The node_modules folder then contains an eslint folder that contains the version listed in my package.json, while the 'mydependency' folder has an empty node_modules folder, withouth a separate copy of the version of eslint listed in its package.json. 'myproject' package.json:
'mydependency' package.json:
I should note that I am experiencing this issue only recently after trying to run a fresh Perhaps the fact that eslint is also listed as a peer dependency is preventing the proper version of the dependency's dependency from being installed? |
@rally25rs I am seeing the same behavior after moving our package registry from Artifactory to Gitlab. Upon install, the Trying to debug, but this being Gitlab related could be true. |
@rally25rs Could this be the issue on their side? https://gitlab.com/gitlab-org/gitlab/issues/9415 It seems if i put the entry in my package.json and simply run // package.json
{
"dependencies": {
"@myscope/my-package": "4.0.0-alpha.1"
}
} The dependencies of But, if I run Very curious |
@chrismllr if GitLab doesn't include a However it looks like GitLab should have fixed that months ago. I don't have a GitLab repo setup that I can try, but you should be able to just see what metadata it returns for your package with a normal GET request from a web browser or curl. |
@rally25rs Interesting, what would the URL look like for that GET request? I'll check it out. Thanks! |
Actually, the code here and it looks like if Although, none of that really explains why sub-deps wouldn't be installed, unless those aren't listed in the metadata either |
@chrismllr the registry URL for a normal package like You would then expect to see and I'm pretty sure that is what yarn uses to install the transitive/sub dependencies |
Ah! We're getting somewhere. The dist-tags DOES exist, with the correct Although, the registry did not add the Looks like:
Wheras Artifactory includes more metadata from package.json, including I could see this likely being a problem 😆 Although I don't know how it is working correctly when installing the package alone using I will open a support ticket with Gitlab and get back to you when I have some more details. |
Update: Gitlab merged a fix for this within the last week, and it is now live on gitlab.com. We are on an enterprise account and have not received the update yet. New structure from gitlab packages: {
"name": "@scope/package",
"dist-tags": {
"latest": "1.0.5"
},
"versions": {
"1.0.5": {
"name": "@scope/package",
"version": "1.0.5",
"dist": {
"shasum": "4cbde301828bd1f3e",
"tarball": "https://gitlab.com/api/v4/projects/xx/packages/npm/@scope/package/-/@scope/package-1.0.5.tgz"
},
"dependencies": {
"sub-dep-1": "^2.0.0",
"sub-dep-2": "^15.0.2"
}
}
}
} I am not sure if this solves the problem for the original reporter, but its something Gitlab has apparently taken care of recently. |
The addition of
One thing I remembered while investigating another issue; If a lockfile already exists and the specific locked version is in yarn cache, then I believe yarn will use the I'm going to mark this issue closed in light of this gitlab change. If the problem still occurs, we can reopen. Thanks for checking the gitlab metadata responses @chrismllr that really helps. 👍 |
Hello,
Any hints ?
|
Do you want to request a feature or report a bug?
Report a bug
What is the current behavior?
We have a couple of packages we install from gitlab in our
package.json
in the following format:"package" : "git+ssh://gitlab.com/user/package"
Yarn manages to download and link this package but it's not downloading any of its dependencies.
If the current behavior is a bug, please provide the steps to reproduce.
What is the expected behavior?
My package's dependencies are installed
The text was updated successfully, but these errors were encountered: