[Bug] `dlx` on packages with a single binary doesn't execute it if the name doesn't match the package

[IT-CASADO]

• I'd be willing to implement a fix

Describe the bug

I cannot run yarn dlx @yarnpkg/pnpify --sdk vscode with a private registry on Azure Artifacts.

Internal Error: Binary not found (pnpify) for root-workspace-0b6124@workspace:.

To Reproduce (Sherlock)

const installPromise = packageJsonAndInstall({
  dependencies: {
  },
});

// arrange private registry
await yarn(`config`, `set`, `npmRegistryServer`, `https://pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry`);

await yarn(`config`, `set`, `npmRegistries["//pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"].npmAlwaysAuth`, `true`);
await yarn(`config`, `set`, `npmRegistries["//pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"].npmAuthIdent`, `eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=`);

// act
const output = await yarn(`dlx`, `@yarnpkg/pnpify`, `--sdk`, `vscode`);

// assert
expect(output).not.stringContaining(`Internal Error: Binary not found (pnpify) for root-workspace`);

To Reproduce (Manual)

1. .yarn.yml

npmRegistries:
  //pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry:
    npmAlwaysAuth: true
    npmAuthIdent: eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=

npmRegistryServer: "https:////pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"

2. package.json

{
  "name": "SomeProject",
  "description": "Some project",
  "license": "MIT",
  "author": "Author",
  "version": "0.0.1",
  "devDependencies": {
    "typescript": "^4.0.3"
  }
}

Or use this GITHUB repository: https://github.com/IT-CASADO/yarn_issue_2013_repro

Side notes
My authentication must be fine, because I can run yarn npm publish without any errors and I can see the published package on my private repository.

The used registry on Azure and the token (read-only) exists only for this bug. So there is no security issue here!

Using the default NPM repository works fine for me.

Environment if relevant (please complete the following information):

• OS: [Windows]
• Node version [10.18.3]
• Yarn version [2.3.3]

[darthtrevino]

This occurs on any project where the monorepo root has private: true

[IT-CASADO]

This occurs on any project where the monorepo root has private: true

I'm using the wrong word "repository"! My repository is public, but I'm using a private registry (Azure Artifacts).
Sorry for the confusion!

[darthtrevino]

I'm just saying that I ran into this on a project that was using a public registry. I don't think the Azure piece was triggering this bug.

Removing 'private: true' from the top level package before installing the SDKs was a usable workaround

[arcanis]

I'll need a repro, because it works here (tested on this very repository).

[darthtrevino]

https://github.com/darthtrevino/yarn_issue_2013_repro

[darthtrevino]

So it looks like this repro works as expected if you add 'typescript' as a devDependency. Yesterday the behavior I was seeing was that it would behave like this even with TypeScript as a devDependency.

I could be wrong though, maybe I'm gaslighting myself.

I remember for sure removing "private: true", and then the SDKs rolled in.

[darthtrevino]

It would be nice if you could tool SDKs through the CLI, maybe something like

yarn dlx @yarnpkg/pnpify --sdk vscode --toolchain typescript prettier

In my projects I'm driving prettier through a build package, not as a direct dep. In order to get the Yarn SDK I need to add prettier as a devDep temporarily.

[IT-CASADO]

Hi all, thanks for quick response.

I'm currently preparing some stuff in my Azure Devops (private registry for a dedicated user so that I can create a npmAuthIdent that I can make public.

I will use your repository for this by changing the configuration...

[IT-CASADO]

I cloned your repository and added following to .yarn.yml:

npmRegistries:
  //pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry:
    npmAlwaysAuth: true
    npmAuthIdent: eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=

npmRegistryServer: "https://pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"

Then I see immediately my error!

[IT-CASADO]

[darthtrevino]

You'll want to edit your comment so that other viewers won't get access to your private NPM.

Is your azure artifact registry set up to mirror NPM for other packages? This issue may be with Azure.

You may also consider using Azure private registries only for specific scopes (e.g.. @my-super-secret-project/library).

[IT-CASADO]

The token in npmAuthIdent is for a specific user with restricted scope to a specific project only in my Azure DevOps for the purpose of this bug. So its fine for now, but I will revoke my token in the next days...

Yes, NPM is mirrored as an upstream source for my artifact repository.

[IT-CASADO]

@darthtrevino Did you see the same error after adding my registry configuration?