Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private github repository returns invalid package version #6195

Closed
vinnymac opened this issue Aug 1, 2018 · 11 comments
Closed

Private github repository returns invalid package version #6195

vinnymac opened this issue Aug 1, 2018 · 11 comments
Assignees
@rally25rs
Labels
triaged

Comments

@vinnymac
Copy link

vinnymac commented Aug 1, 2018
edited
Loading

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

I have tested this behavior using the following versions of yarn:

  • 1.5.1
  • 1.6.0
  • 1.9.2

I receive the following output when trying to install my dependency tagged as 0.0.1

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#0.0.1
yarn add v1.9.2
[1/4] 🔍  Resolving packages...
error Can't add "myprivaterepo": invalid package version undefined.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

If I try to use other tags, such as one with characters in them or non-semver compliant tags I get a slightly different message.

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#v2018.07.16
yarn add v1.9.2
[1/4] 🔍  Resolving packages...
error Can't add "myprivaterepo": invalid package version "2018.07.16".
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

Trying to regenerate my yarn.lock file results in the same message above.

If I attempt to see if yarn can list my dependency using version 1.9.2 I see this

yarn list | grep myprivaterepo
├─ myprivaterepo@2018.7.16

The lockfile shows my dependency as it was generated by 1.3.2 as the following

"myprivaterepo@git+ssh://git@github.com/vinnymac/myprivaterepo.git#v2018.07.16":
  version "2018.7.16"
  resolved "git+ssh://git@github.com/vinnymac/myprivaterepo.git#60f0759d54cc7ddf9d4c5d55a8de3bbb71cff9e7"
  dependencies:
    chalk "^2.4.1"
    cors "^2.8.4"
    express "^4.16.3"
    http-proxy-middleware "^0.18.0"
    inquirer "^5.2.0"
    node-sass-utils "^1.1.2"
    request "^2.87.0"
    semver "^5.5.0"
    underscore.string "^3.3.4"
    url-regex "^4.1.1"

If the current behavior is a bug, please provide the steps to reproduce.

This is a private repository, otherwise I would share it with you. If you have access to private repositories you can try to create tags identical to the ones above, and see if it works the same for you. Maybe even adding the dependencies I do will help. If you have recommendations for what I can do to more easily create a reproduction, I am open to trying anything.

What is the expected behavior?

I have tested that the expected behavior functions properly using the following versions of yarn:

  • 0.24.6
  • 1.1.0
  • 1.2.1
  • 1.3.2

On these versions of yarn, it finds the package version and installs the dependencies as I would expect. The dependency is added to my yarn.lock file and I currently am using 1.3.2 until I find another version that suites my needs.

Please mention your node.js, yarn and operating system version.

System Details

NodeJS - v8.11.1 (I've tested v7 and v6 as well)
Yarn - v1.9.2
macOS - 10.13.6

I have been able to reproduce this on more than one machine, I attempted 5 different machines, all were running 10.13 variants.

If this is a duplicate issue, I apologize as I tried to search through and see if anyone had anything similar posted, but could not find one.
@ghost ghost assigned rally25rs Aug 1, 2018
@ghost ghost added the triaged label Aug 1, 2018
@rally25rs
Copy link
Contributor

I think the "version" it is complaining about is from package.json. Does your repo contain a package.json that has the version field?

@vinnymac
Copy link
Author

vinnymac commented Aug 1, 2018
edited
Loading

@rally25rs looks like that is indeed what it is referring to.

For tag 0.0.1 my version is missing from the package.json, so that explains the undefined.

For tag v2018.07.16 my version in package.json is

"version": "2018.07.16",

Why does it say that 2018.07.16 is an invalid package version?
Do the tags and version need to be identical for yarn to function properly?
I can attempt that and see what happens.

EDIT:

So it looks like they don't need to be identical, but they have to be semver? I tried

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#v0.8.0

and it installed version myprivaterepo@0.8.0 where the package.json version was 0.8.0 using v1.9.2 of yarn.

@rally25rs
Copy link
Contributor

rally25rs commented Aug 1, 2018
edited
Loading

Ah, so it looks like official semver doesn't consider 07 to be valid.

According to npm's semver package:

~/Projects/yarn-test 🐒   yarn add semver
yarn add v1.7.0
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
└─ semver@5.5.0
info All dependencies
└─ semver@5.5.0
✨  Done in 0.79s.

~/Projects/yarn-test 🐒   node
> const s = require('semver')
undefined
> s.valid('2018.07.16')
null
> s.valid('2018.7.16')
'2018.7.16'

This is what is leading to the message

invalid package version "2018.07.16".

@vinnymac
Copy link
Author

vinnymac commented Aug 1, 2018
edited
Loading

I think the following improvements could be made to yarn in that case.

  1. For the tag 0.0.1 it could have instead said could not find field 'version' in package.json, which is much clearer in my opinion.
  2. For non-semver versions, I think it would be a worthwhile improvement to state somewhere in the docs that only semver versions are supported. If you attempt to use a non-semver version, it could instead say why it is an invalid package version.
  3. Installing dependencies with non-semver versions in NPM work fine, so it is a bummer that it stopped working here.

As a side note this appears to be related to npm/node-semver#232

@Swader Swader mentioned this issue Aug 19, 2019
Closed
@lieutenantken
Copy link

@vinnymac You are a god or at least a lower deity for discovering that package.json requirement for version! THANK YOU

@ltfschoen
Copy link

I'm using yarn v1.22.4.
I tried to modify a dependency of my repo here https://github.com/DataHighway-DHX/faucet/blob/master/package.json#L21 to be a branch of another Github repo by changing it to "@truffle/hdwallet-provider": "git://github.com/ltfschoen/truffle.git#14.0.6", and alternative I also tried running yarn add git://github.com/ltfschoen/truffle.git#14.0.6. I tried replacing #14.0.6with#v14.0.6andmasteranddevelop` (branches), but all return output:

error Couldn't find match for "14.0.6" in "refs/heads/alphaTez, ... refs/tags/@truffle/hdwallet-provider@1.0.36, ..."

But if I then run instead yarn add git://github.com/ltfschoen/truffle.git#refs/tags/@truffle/hdwallet-provider@1.0.36, it fails with the same error.
Note that @truffle/hdwallet-provider is a package within the https://github.com/ltfschoen/truffle repository (i.e. https://github.com/ltfschoen/truffle/blob/develop/packages/hdwallet-provider/package.json)

This was referenced Aug 26, 2020
Closed
Closed
@augnustin
Copy link

Fixed this issue by adding #master at the end of the git URL.

@yaizudamashii
Copy link

I see this issue with valid semver
"google-caja-bower": "https://github.com/acburdine/google-caja-bower#ghost",

and the project's package.json's version is "6011.0.0"

@rally25rs
Copy link
Contributor

@yaizudamashii I do not get an error when using that github reference as a dependency.

~/Projects/yarn-test 🐒   cat package.json
{
  "name": "yarn-test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "google-caja-bower": "https://github.com/acburdine/google-caja-bower#ghost"
  }
}

~/Projects/yarn-test 🐒   yarn install
yarn install v1.22.5
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 🔨  Building fresh packages...

✨  Done in 0.07s.

~/Projects/yarn-test 🐒   ls node_modules/
google-caja-bower

@rally25rs
Copy link
Contributor

Closing this issue as the original cause was found to be a missing version in package.json, or a version whose value is not valid according to the semver library.

@felicio
Copy link

felicio commented Feb 17, 2023
edited
Loading

I'm using yarn v1.22.4. I tried to modify a dependency of my repo here https://github.com/DataHighway-DHX/faucet/blob/master/package.json#L21 to be a branch of another Github repo by changing it to "@truffle/hdwallet-provider": "git://github.com/ltfschoen/truffle.git#14.0.6", and alternative I also tried running yarn add git://github.com/ltfschoen/truffle.git#14.0.6. I tried replacing #14.0.6with#v14.0.6andmasteranddevelop` (branches), but all return output:

error Couldn't find match for "14.0.6" in "refs/heads/alphaTez, ... refs/tags/@truffle/hdwallet-provider@1.0.36, ..."

But if I then run instead yarn add git://github.com/ltfschoen/truffle.git#refs/tags/@truffle/hdwallet-provider@1.0.36, it fails with the same error. Note that @truffle/hdwallet-provider is a package within the https://github.com/ltfschoen/truffle repository (i.e. https://github.com/ltfschoen/truffle/blob/develop/packages/hdwallet-provider/package.json)

@ltfschoen please, were you able to resolve your use case? In my case, yarn@1.22.19 throws for a package which repository is a forked monorepo. Using npm@8.19.2 works fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rally25rs rally25rs

Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@rally25rs @vinnymac @augnustin @ltfschoen @yaizudamashii @felicio @lieutenantken