New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Yarn broke my system by overwriting "which" binary in /bin with /usr as prefix #4205

Closed
aalexgabi opened this Issue Aug 18, 2017 · 4 comments

Comments

Projects
None yet
3 participants
@aalexgabi

aalexgabi commented Aug 18, 2017

Do you want to request a feature or report a bug?
Report a bug

What is the current behavior?

  • yarn writes in /bin when the prefix is /usr
  • yarn overwrites binaries in /bin without asking for confirmation or a force option

If the current behavior is a bug, please provide the steps to reproduce.

% ll /bin/which /usr/bin/which  
-rwxr-xr-x 1 root root 23K May 14  2016 /bin/which
-rwxr-xr-x 1 root root 23K May 14  2016 /usr/bin/which
% sudo yarn global bin
/usr/bin
% sudo yarn global add eslint
yarn global v0.28.4
warning package.json: No license field
warning No license field
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning "ajv-keywords@1.5.1" has incorrect peer dependency "ajv@>=4.10.0".
[4/4] Building fresh packages...
success Installed "eslint@4.4.1" with binaries:
      - eslint
warning No license field
Done in 1.18s.
% ll /bin/which /usr/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /usr/bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which

After this Visual Studio Code and Octopi did not work anymore until I reinstalled which by:

% sudo pacman -S which

What is the expected behavior?

  • yarn should write in /usr/bin
  • yarn should refuse to overwrite binaries unless asked to by providing some force option

Please mention your node.js, yarn and operating system version.

% node -v
v8.2.1
% yarn -v
yarn install v0.28.4
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
info Lockfile not saved, no dependencies.
Done in 0.07s.
% lsb_release -a
LSB Version:	n/a
Distributor ID:	ManjaroLinux
Description:	Manjaro Linux
Release:	17.0.2
Codename:	Gellivara

@aalexgabi aalexgabi changed the title from Yarn broke my system by overwriting system "which" binary in /bin with /usr as prefix to Yarn broke my system by overwriting "which" binary in /bin with /usr as prefix Aug 18, 2017

@tadayosi

This comment has been minimized.

Show comment
Hide comment
@tadayosi

tadayosi Aug 24, 2017

This is terrible. After that my .bashrc won't work anymore. which starts to fail like this:

$ which ls
which: illegal option -- -

https://serverfault.com/questions/859738/nodejs-overwritten-usr-bin-which-how-to-fix

Hope this gets fixed soon.

tadayosi commented Aug 24, 2017

This is terrible. After that my .bashrc won't work anymore. which starts to fail like this:

$ which ls
which: illegal option -- -

https://serverfault.com/questions/859738/nodejs-overwritten-usr-bin-which-how-to-fix

Hope this gets fixed soon.

@BYK

This comment has been minimized.

Show comment
Hide comment
@BYK

BYK Aug 24, 2017

Member

Duplicate of #3824. This is part of our Yarn 1.0 effort which is scheduled to be released in a couple of weeks so hopefully you'll get the fix soon.

Apologies for the inconvenience. As a workaround, you can change the order of the directories in your $PATH variable and reduce the precedence of Yarn binaries against system/user binaries. I know that's not ideal but at least it is a stop gap until we release a fix.

Member

BYK commented Aug 24, 2017

Duplicate of #3824. This is part of our Yarn 1.0 effort which is scheduled to be released in a couple of weeks so hopefully you'll get the fix soon.

Apologies for the inconvenience. As a workaround, you can change the order of the directories in your $PATH variable and reduce the precedence of Yarn binaries against system/user binaries. I know that's not ideal but at least it is a stop gap until we release a fix.

@BYK BYK closed this Aug 24, 2017

@tadayosi

This comment has been minimized.

Show comment
Hide comment
@tadayosi

tadayosi Aug 24, 2017

Thanks @BYK. In fact, your proposed workaround doesn't seem to work, because the problem with this is that yarn overwrites the existing which.

% ll /bin/which /usr/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /usr/bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which

So the only workaround I found so far is to reinstall which everytime yarn has overwritten it :-(

$ sudo yum reinstall which

Anyway yarn is an awesome tool overall and I'd like to say thank you all for providing us with it!

tadayosi commented Aug 24, 2017

Thanks @BYK. In fact, your proposed workaround doesn't seem to work, because the problem with this is that yarn overwrites the existing which.

% ll /bin/which /usr/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which
lrwxrwxrwx 1 root root 63 Aug 18 18:42 /usr/bin/which -> ../local/share/.config/yarn/global/node_modules/which/bin/which

So the only workaround I found so far is to reinstall which everytime yarn has overwritten it :-(

$ sudo yum reinstall which

Anyway yarn is an awesome tool overall and I'd like to say thank you all for providing us with it!

@aalexgabi

This comment has been minimized.

Show comment
Hide comment
@aalexgabi

aalexgabi Oct 21, 2017

I confirm that the issue is not present in yarn@1.1.0.

aalexgabi commented Oct 21, 2017

I confirm that the issue is not present in yarn@1.1.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment