-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn.lock should not include base registry(http://registry.npmjs.org
)
#3330
Comments
Yeah, that sounds like a useful feature. |
Yup, completely agree. Ideally, I think the |
@doxiaodong want to send an RFC? We'll need to discuss backwards compatibility, this feature being an opt-in, defaults etc |
@bestander , any template here? I don't know what and how to do that. |
Sure, here are a couple of good examples https://github.com/yarnpkg/rfcs/pull/40/files https://github.com/yarnpkg/rfcs/pull/34/files |
I have sent a pr yarnpkg/rfcs#64 |
+1 for this. In our case (which I think is shared by many) we have one registry in our local dev environment, and another in our CI environment. Currently, tracking the lock file with git causes it to contain references to the dev registry which in turn leads to builds in CI failing. The only solution we have found so far is to not track the lock file at all, which incurs a performance hit during builds. |
+1 for this. We use a local registry and would like it to ignore the one in the yarn.lock in favor of our local. |
+1 for this. In our situation we are using jenkins and sinopia in a kubernetes environment. In the kubernetes network sinopia has a different url to the external network url. It would be handy if we could switch between the 2 easily as it might be faster to use the internal kubernetes network url, while allowing developers to use the external registry url as they wont have access to the internal url |
This would be nice to have. We have a mirror used outside our Build Environment that has one URL. Inside the Build Environment it has a different URL, and the original registry used to generate the lock file is not available. We've noticed that passing the |
Suggest a simple backwards compatible RFC and send a PR, we'll get it sorted then. |
@bestander I wrote one here. Not sure if it's enough, but it's a start |
I would say remove concepts of urls/paths all together, and only list the name, version and hash. It's easy to rebuild the url at download time instead, and opens potential for alternate url formats too. |
@bestander when you say backwards compat RFC, do you mean newer yarn can still load older yarnrc, or that older yarns should still be able to load the newer yarnrc? |
@aikar, conceptually I agree. When I talk about backwards compatibility I mean that yarn.lock generated by a previous version of Yarn won't be compatible by the next version that strips the URLs and vice versa. So far I am fine to settle on a minimal change to unblock people using npm mirrors. |
Met this question today ToT |
This has sadly become a blocker for us. Npm works correctly using an |
Here is the RFC we have agreed on, it should solve the title issue and is waiting for a champion to implement it: https://github.com/yarnpkg/rfcs/pull/84/files. It is quite easy to implement it so please go ahead and send a PR. As for talks about integrity fields we have one here: #816 |
Wow, that was impeccable timing 🤣 |
Opened a new issue at #5892 to put this feature request inside the v2 high level goals 🙂 |
So this feature still under development? |
Deploying website to now.sh always fail, and I can not even use |
you are right |
Closing this issue; we already have #5892. This will be part of the v2, but probably not the v1. |
What about at least logging that there are inconsistencies between the configured registry and the cached URLs in the lock? |
Any plan to implement a solution within yarn after all those years ? |
It got fixed about three years and two major versions ago. |
My current problem is that it seems all official node docker images include version 1.x.x of yarn and it is a ban of our CI processes to use latest versions of yarn. |
Well, no-one can help you with this. You either need to stop using Yarn, or workaround your policy to upgrade. When used with corepack, making your build use Yarn 2+ with external node docker images is pretty trivial. Yarn 2+ can essentially be treated as a build-time dependency like any other (not something pre-installed) and can be source controlled/locked alongside your code etc so doesn't really "affect" your CI environment except if you are doing something special to mount the Yarn cache for re-use between builds. In other words, Yarn 2+ does need to be, and is canonically never pre-installed on something like a container image. Rational explained on the linked docs. |
@chadlwilson May keeping Yarn 1.x and downloading artifacts from original registry every time be simpler :-) . |
That’s now how it works or has to work (read the migration guide and/or my comment more closely around source controlling yarn itself) but this isn’t the right place for that discussion. |
I could not bare yarn anymore. It stupidly writes registry info into the lock file, and this problem will not be fixed (yarnpkg/yarn#3330 (comment)) unless you use the even stupider yarn berry.
Do you want to request a feature or report a bug?
feature
What is the current behavior?
yarn.lock include registry
If the current behavior is a bug, please provide the steps to reproduce.
What is the expected behavior?
should be
Reason
Most developers in china will use
--registry=https://registry.npm.taobao.org
, and then, yarn.lock will beBut for travis-ci, circleci, it seem to be slowly.
So, I think the regiistry should not be in yarn.lock
The text was updated successfully, but these errors were encountered: