-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
package resolver is sensitive to order #3489
Comments
On top of it, I think we should disable this lockfile optimization if Another idea to discuss, should we make this dependency optimization an opt-in feature? |
Related to this #3313 |
Raised this one #3490 |
I think I've hit this one too - I've found a case where upgrading a package then running a I've put a script together that reproduces the issue here https://github.com/hmarr/yarn-lock-inconsistency |
Thanks for repro, @hmarr. |
This is a first try for a deterministic algorithm. No early outs based on earlier registry resolves,
This algorithm has a 2 drawbacks:
I think it is also important to determine what the main priority for this algorithm should be. Minimizing the number of installed versions? Install the best version? Version stability for currently already installed packages? I don't have a lot of time to work on this for now, so I can't promise to work on this. |
After thinking a bit more about this today I think we should step back actually. Yarn guarantees that node_modules will be installed the same way for the same lockfile and developers won't get surprisingly different results every time install command runs. That is why Yarn should not optimize lockfile while resolving dependencies during install. |
@blexrob, thanks for offering your insight! |
I have an example of this occurring here: https://github.com/timkelty/yarn-order-bug
|
I may have a fix, will post a PR soon |
Should be fixed in 0.27.2 👍 |
Do you want to request a feature or report a bug?
bug
What is the current behavior?
From #3477 (comment):
With 2 patterns, [email protected] (A) and a@^1.0.0 (B), current version 1.0.2, the following can happen:
Order 1
A resolves, adds version 1.0.1
B resolves, finds matching version 1.0.1, delays
final resolve for B, to version 1.0.1
Outcome: [email protected] -> 1.0.1, a@^1.0.0 -> 1.0.1
Order 2
B resolves, adds version 1.0.2
A resolves, adds version 1.0.1
Outcome: [email protected] -> 1.0.1, a@^1.0.0 -> 1.0.2
The committed code will still mitigate problems, but it won't completely solve them...
I'm afraid a better algorithm is needed to get fully deterministic resolves.
Please mention your node.js, yarn and operating system version.
Yarn 0.26
The text was updated successfully, but these errors were encountered: