An unexpected error occurred: "Commit hash required".

[roderik]

I've got a project, that has been running fine for months, where suddenly adding/installing eth-lightwallet fails during fetching packages with An unexpected error occurred: "Commit hash required".

Suddenly is defined as between March 21st, 9:51AM CET - March 22nd, 5:30PM CET with a commit that did not touch the package.json or lock files (just a css and html fix)

I've tried:

• changing node version 7.7.4 and 7.7.1 (on 7.7.1 it worked before without question)
• removing all caches, npm_modules, lockfiles
• it fails both on a linux (alpine and debian) ci docker image, and on OSX
• created a new project and added it. this worked, so it's my dependency set that breaks it
• it appears to be related to bignumber.js in the dependencies, so tried a lot of different formats in https://github.com/roderik/eth-lightwallet.git
• added if (!commit) console.log(_this2) to my git-fetcher.js line 113 and installed using yarn add https://github.com/roderik/eth-lightwallet.git --verbose --network-concurrency 1 --force Result: https://gist.github.com/roderik/f5ff6abfcdcdb364f2a5327016317de0 and the error log, but this does not show a reason for the commit hash to be empty
• it installs fine with npm, so it's my dependencies + yarn

I'm stumped and reverted to yarn install || npm i on my ci, but this is not really the way it's supposed to be.

[grydstedt]

Seeing this as well. Can't seem to get out of it either.

[sixinli]

try regenerating your yarn.lock file? the resolved link has been changed for external dependencies -

i had a dependency that looks like

"leaflet.markercluster": "Leaflet/Leaflet.markercluster#leaflet-0.7"

and it originally resolves to
resolved "https://codeload.github.com/Leaflet/Leaflet.markercluster/tar.gz/232e93ccbe5b70241913f47a4d1a8ceec8c88c30" which the git-fetcher fails to extra commit hash from

i changed the dependency to
"leaflet.markercluster": "git://github.com/Leaflet/Leaflet.markercluster#leaflet-0.7"
and it then resolves to
resolved "git://github.com/Leaflet/Leaflet.markercluster#232e93ccbe5b70241913f47a4d1a8ceec8c88c30"

this only fails for me when:

• there's linked dependency - project depends on A and B, and A depends on B, and
• using yarn install --pure-lockfile (yarn install works)

[s3ththompson]

Seeing this error as well.

My yarn-error.log: https://gist.github.com/s3ththompson/39bf7d98faeef3811d8a5bc747427b74

[kaicataldo]

Same here - I'm also seeing some duplicate entries from nested dependencies unless I use the git://github.com format.

[s3ththompson]

I haven't tracked down an exact repro yet, but I was running into issues installing "inline-styles": "^1.0.0" (inline-styles) which in turn has a dependency on cheerio of the form git://github.com/cheeriojs/cheerio. I believe the cheerio dependency was what was breaking...

[smitt04]

I am having same issue
yarn-error.txt

[jeffscottward]

Same issue as well
We are using "next" in pkg.json for "uport-connect" possibly the issue?
yarn-error.txt

[smitt04]

Found out this problem has to do with `git, especially when the dependency was resolving to a git url with out a commit hash as the version. It makes since as there is no way to lock down the version when you are just loading what ever is in master. Removing all git dependencies resolved this issue for me.

[kaicataldo]

@smitt04 Glad you found a workaround. Not an option for us, unfortunately :(

[s3ththompson]

@smitt04 @kaicataldo I don't follow that there is no way to lock down a version when you are loading from master... it seems as though the yarn.lock should track the commit hash that matches HEAD at the time the git dependency is installed.

[jeffscottward]

Removing all git dependencies resolved this issue for me.

@smitt04
What exactly does this mean? As in stuff that doesn't exist on NPM? Some sort of git tooling?

[bestander]

@roderik, can you share a yarn.lock + package.json that reproduce the issue?
The trick with git dependencies is that sometimes hash can be a commit hash and other times it can be a sha1 hash.

[smitt04]

@jeffscottward what i meant was that any npm packages in my package.json file that referenced by a git url i switched to use the npm version and it fixed the issues i was having.

[roderik]

@bestander everything is in https://gist.github.com/roderik/f5ff6abfcdcdb364f2a5327016317de0

[jeremyong]

Seeing this as well even after a yarn cache clean and removal of the node_modules folder

[weyert]

I am having the issue too. Downgrading to an older version seems to solve it for me on Heroku. Maybe the following dependency in my package.json causes trouble: "autofill-event": "weyert/autofill-event",

[levity]

I just started seeing this on Heroku today as well, with version 0.22.0 of yarn. Changing to version 0.23.2 fixed it.

Change the version on Heroku by adding to package.json:

{ 
  "engines": {
    "yarn": "0.23.2"
  }
}

[matrunchyk]

Yay! Thanks @levity! Adding

{ 
  "engines": {
    "yarn": "0.23.2"
  }
}

to my package.json on BitBucket did the trick!
Actually, it's weird because my bitbucket docker container already has 0.23.2.

[s3ththompson]

I thought 23.2 fixed this issue for a little while, but I ran into it again trying to remove a dependency from yarn.lock.

[lukehedger]

Also seeing an error when managing the eth-lightwallet dependency with Yarn. After installing the dependency, subsequent yarn commands (add, install) fail with this error:

An unexpected error occurred: "ENOENT: no such file or directory, open '/Users/luke/Library/Caches/Yarn/v1/npm-bignumber.js-2.0.7-c4840fe42268643818b2730ebedb0eec7271ee42/.yarn-metadata.json

Running yarn cache clean and removing node_modules and the yarn.lock file resolves the issue but re-running yarn install will cause the issue to resurface.

Looks like eth-lightwallet actually depends on a particular commit of a fork of bignumber.js - @bestander guess this could be the culprit?

Seems that if I install a new dependency, Yarn always tries to install bignumber.js again:

→ yarn add react-motion
yarn add v0.23.2
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 5 new dependencies.
├─ bignumber.js@2.0.7
├─ performance-now@0.2.0
├─ prop-types@15.5.8
├─ raf@3.3.0
└─ react-motion@0.5.0
✨  Done in 10.62s.

[rymndhng]

@BYK I'm still seeing this issue :/

edit: I'm not seeing this issue -- I had a bad https setup (invalid token), but the error message shows "Commit Hash Required"

[hugodutra-zz]

I was having the same issue, what solved for me was change the import on package.json

from: "react-common": "git+https://github.com/vizinhanca/react-common.git#master"
to: "react-common": "git+ssh://git@github.com/vizinhanca/react-common.git#master",

[sudoanand]

Try deleting the yarn.lock file and then git stash or commit existing changes.

[pbirbarah]

"Try deleting the yarn.lock file and then commit existing changes". that worked for me!

[saadSarwar28]

@pbirbarah , worked for me too. in my case, i received an app that was created on mac and i am on windows, yarn.lock should never be committed in a repo I think.

[elie222]

@pbirbarah , worked for me too. in my case, i received an app that was created on mac and i am on windows, yarn.lock should never be committed in a repo I think.

yarn.lock should be committed.

[voltechs]

Try deleting the yarn.lock file and then git stash or commit existing changes.

No dice for me.

[2/4] 🚚  Fetching packages...
error An unexpected error occurred: "Commit hash required".
info If you think this is a bug, please open a bug report with the information provided in "~/.Trash/project/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Why does it put the error log in the trash? lol...

[kuldeep2110]

Check your node version
I was on v14.20.0 and when i switched to 16.14.0 it resolved the issue for me
then delete the lock file and yarn install again

[ianrowan]

I am also receiving this issue and have tried almost everything here

I'm on yarn install v1.22.19

And added npm package "userop": "^0.3.0" to my package.json and started receiving the error message. As far as I can tell the package is resolved via npm in yarn lock when generated

userop@^0.2.0:
    version "0.2.0"
    resolved "https://registry.npmjs.org/userop/-/userop-0.2.0.tgz"
    integrity sha512-WvPUktveT0lqyvuEl1eBIFLCG+72FBy1fE7vcRVgDAGSDYB3oW+VVvOA5AFhQFZzVjJe7PbSFyyN9lWqww03oQ==
    dependencies:
      ethers "^5.7.2"

Would be nice if the error message was more descriptive of what package is 'missing a commit hash'
Even the error log is very generic and can only debug from deduction

Invariant Violation: Commit hash required
      at invariant (/usr/local/Cellar/yarn/1.22.19/libexec/lib/cli.js:2318:15)
      at GitFetcher.<anonymous> (/usr/local/Cellar/yarn/1.22.19/libexec/lib/cli.js:89316:7)
      at Generator.next (<anonymous>)
      at step (/usr/local/Cellar/yarn/1.22.19/libexec/lib/cli.js:310:30)
      at /usr/local/Cellar/yarn/1.22.19/libexec/lib/cli.js:328:14
      at new Promise (<anonymous>)

[bibhuti9]

Well, I removed node_module and yarn.lock file and re-install all dependencies it worked for me.