Can you explain this change in some more detail? What does it mean for these hashes to be optional? |
we've encountered a few
as opposed to
Some of the source fetchers in yarn allow you to omit the hash, which will happily skip the validation step. (why anyone would ever use this "feature" is beyond me..) |
Oh, okay. This might make it interesting for Out of interest, are you using
If npm is the mother of bad design decisions, yarn is its firstborn. :) |
One more thing, can you paste a complete lockfile into a gist where you noticed that? I’d like to see the whole thing if possible, to figure out the reason maybe. |
I haven't been able to find examples in public repos yet -- but it's something I came across when parsing I wonder if it's behavior from old versions of yarn, which is still allowed for backward compatibility
Yes -- though I'd be happy to submit a PR to yarn2nix to support these changes. Might need some help figuring out how to best handle the missing hashes |
I’m not sure how fast I can come around to thinking through this, but we can merge the changes to this library nonetheless. |
Hm, I really don’t know what I should think about this. If |
Here are a couple:
It looks like these were added years ago when we switched to yarn. Excerpts of the diff from [...]
- "underscore-deep-extend": {
- "version": "github:fossas/underscoreDeepExtend#045f2e86fbe0ddb06e8d542d8b7524dd75f5b9d5"
- },
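Review bot: in the removed `underscore-deep-extend` entry, `version` is the only field, and it identifies the package by a `github:` reference and commit id with no hash of the fetched contents in the lines shown. Before dropping the entry, confirm that the lock file replacing it still pins the same full commit id, because nothing else here would detect a different archive being fetched.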
[...]
- "cacheman": {
- "version": "github:appleboy/cacheman#fca43cd43b5782909947482a13ba2127e3f37929",
- "requires": {
- "cacheman-memory": "1.0.2",
- "ms": "0.7.3"
- }
- },
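Review bot: the removed `cacheman` entry's `requires` block pins `cacheman-memory` to `1.0.2` and `ms` to `0.7.3`, while the entry itself carries no hash field in the lines shown. Check that the replacement lock file records both of these versions as well as the commit id, so the git dependency does not end up with looser pins than it had here.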
[...] notably, the In
Not sure what to make of that. It looks like yarn used to traverse |
Hmm, what happens if you re-generate them with a modern yarn then (if that’s possible)? |
Regenerating (with Even if the hashes were there, our use case requires us to successfully parse all valid yarn lock files. I'd understand if you don't want to support that though -- and I don't mind maintaining a fork for our specific use case |
In this case, let’s add another case besides |
Added two new data constructors, |
I’m fine with verbose names :) |
Thanks, I wasn’t able to push to this PR, so I rebased, added a release and pushed to master. The new release is also on hackage |
(this includes the commit from my other PR that updates to Megaparsec 7.*)
yarn.lock allows hashes to be omitted in the `resolved` field, so I made them optional
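Once a parser accepts entries without a hash, a consumer may want to list them. The following is an added example, not code from this PR or from the library: a Python audit over a yarn.lock v1 file that reports entries with neither a `#hash` fragment on `resolved` nor an `integrity` field. The lock file content, package names and URLs are constructed, and `audit_lock` is a hypothetical name.

```python
import re

# Constructed yarn.lock v1 sample: names, URLs and hash values are made up.
SAMPLE_LOCK = '''\
# yarn lockfile v1

example-registry-dep@^1.3.0:
  version "1.3.0"
  resolved "https://registry.example/dep/-/dep-1.3.0.tgz#0123456789abcdef0123456789abcdef01234567"
  integrity sha512-Q09OU1RSVUNURUQtU0FNUExF

example-git-dep@example/example-git-dep:
  version "0.1.0"
  resolved "https://codeload.example/example/example-git-dep/tar.gz/0000000000000000000000000000000000000000"
  dependencies:
    example-registry-dep "^1.3.0"

"@scope/only-integrity@~2.0.0", "@scope/only-integrity@^2.0.1":
  version "2.0.1"
  resolved "https://registry.example/@scope/only-integrity/-/only-integrity-2.0.1.tgz"
  integrity sha512-Q09OU1RSVUNURUQtU0FNUExF
'''

ENTRY_HEADER = re.compile(r'^(\S.*):\s*$')  # unindented "key, key:" line
FIELD = re.compile(r'^  (resolved|integrity)\s+"?([^"\s]+)"?\s*$')  # 2-space fields only


def audit_lock(text):
    """Return {entry header: reason} for entries with no hash to check a download against."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith('#'):
            continue
        header = ENTRY_HEADER.match(line)
        if header:
            current = entries.setdefault(header.group(1), {})
        elif current is not None:
            field = FIELD.match(line)  # nested dependency lines (4 spaces) never match
            if field:
                current[field.group(1)] = field.group(2)
    findings = {}
    for name, fields in entries.items():
        resolved = fields.get('resolved')
        has_fragment = bool(resolved) and bool(resolved.partition('#')[2])
        if has_fragment or 'integrity' in fields:
            continue
        findings[name] = ('no resolved field' if resolved is None
                          else 'resolved URL has no #hash and no integrity field')
    return findings
```
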