[Bug?]: Yarn checksums are dependent on user-configurable compression ratio #6068
Labels
bug
Something isn't working
Comments
|
Related - #5939 @ashkitten I added a reproduction in my old issue if you want to use it here. Though my issue was only about missing documentation about the change. |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Self-service
Describe the bug
yarn.lock checksums are calculated based on the hash of the zip files in the cache directory, NOT their contents. This causes issues where if a user has a global .yarnrc.yml with compressionLevel set to something other than the default 0, yarn will always attempt to update the lockfile with all new hashes. This is especially bad in a hypothetical scenario where a developer has compressionLevel set globally and commits their lockfile, then someone tries to use the lockfile with --immutable (say, in a typical distro package build script).
To reproduce
Environment
System: OS: Linux 6.6 NixOS 24.05 (Uakari) 24.05 (Uakari) CPU: (12) x64 AMD Ryzen 5 5600X 6-Core Processor Binaries: Node: 20.10.0 - /tmp/xfs-94698436/node Yarn: 4.0.1 - /tmp/xfs-94698436/yarn npmPackages: jest: ^29.5.0 => 29.7.0Additional context
The text was updated successfully, but these errors were encountered: