Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Engine field containing newlines can break lockfile #3491

Closed
marcus-crane opened this issue May 31, 2021 · 1 comment · Fixed by #3500
Closed

Engine field containing newlines can break lockfile #3491

marcus-crane opened this issue May 31, 2021 · 1 comment · Fixed by #3500
Labels
type: bug
Milestone
v6.7

Comments

@marcus-crane
Copy link

marcus-crane commented May 31, 2021
edited
Loading

pnpm version: 6.6.2

Code to reproduce the issue:

pnpm add -g yaml-language-server

Expected behavior:

The lockfile is not broken, or the package is not committed to the lockfile if strict engine parsing is used.

Actual behavior:

> pnpm add -g yaml-language-server
Packages: +21
+++++++++++++++++++++
Progress: resolved 46, reused 46, downloaded 0, added 0, done

/Users/marcran/.asdf/installs/nodejs/16.2.0/.npm/pnpm-global/5:
+ yaml-language-server 0.19.2

> pnpm add -g some-other-package
 WARN  Ignoring broken lockfile at /Users/marcran/.asdf/installs/nodejs/16.2.0/.npm/pnpm-global/5: The lockfile at "/Users/marcran/.asdf/installs/nodejs/16.2.0/.npm/pnpm-global/5/pnpm-lock.yaml" is broken: missed comma between flow collection entries (1495:20)

 1492 |
 1493 |   /yaml-language-server/0.19.2:
 1494 |     resolution: {integrity: sha512-E4yMj1oK+OCObD ...
 1495 |     engines: {npm: |+
---------------------------^

As for the actual lockfile contents:

> tail -n 25 ~/.asdf/installs/nodejs/16.2.0/.npm/pnpm-global/5/pnpm-lock.yaml
    resolution: {integrity: sha512-GQ2eRE5GcKBK8XVKBIcMyOfC8WMZmEs6gogtVc6knLKE6pG+e5L/lOMfBxZzAt2lqye5itMggQ9+6stXAVhMsw==}
    dev: false

  /yaml-language-server/0.19.2:
    resolution: {integrity: sha512-E4yMj1oK+OCObD15LvEaHOw8y3ux7G4KrREQDsDkjqFhUm/3qCCPMh3NPXTRQyse3r6Xpsv+lAW17Qo/NKm+0g==}
    engines: {npm: |+


      ERROR: Please use yarn, npm is not supported in this repository!!!

Additional information:

  • node -v prints: v16.2.0
  • Windows, macOS, or Linux?: macOS

To clarify, the issue here is that yaml-language-server package puts some newlines into its engines field, as seen here:

https://github.com/redhat-developer/yaml-language-server/blob/master/package.json#L22

This isn't necessarily an issue with pnpm but unfortunately trying to install this package globally (to use with editor lsp integration) causes the lockfile to become malformed once the engine field is parsed.

It's really annoying that they enforce this dependency on Yarn (there are more than 2 package managers... 😢 ) but I suppose pnpm will probably want to have some sanity checks for this sort of stuff as well.
@zkochan
Copy link
Member

zkochan commented May 31, 2021

I don't think we even need to add anything else then node from the engines field to the lockfile.

zkochan added a commit that referenced this issue Jun 3, 2021
@zkochan
fix: broken lockfile when values in engines have new lines
357ddd5 
close #3491
@zkochan zkochan mentioned this issue Jun 3, 2021
Merged
zkochan added a commit that referenced this issue Jun 3, 2021
@zkochan
fix: broken lockfile when values in engines have new lines (#3500)
2dc5a7a 
close #3491
@zkochan zkochan added this to the v6.7 milestone Jun 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
v6.7
Development

Successfully merging a pull request may close this issue.

fix: broken lockfile when values in engines have new lines pnpm/pnpm
2 participants
@zkochan @marcus-crane