Log not clear enough when package version does not exist on the registry

[JowieXiang]

How to reproduce

1. .npmrc:

registry=https://registry.npmjs.org

2. package.json (notice that react 0.0.0 is an non-existent version):

{
  "name": "",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "react": "^0.0.0"
  }
}

3. run yarn and choose a version for react in the command line prompt.

yarn install v1.22.5
info No lockfile found.
[1/4] Resolving packages...
Couldn't find any versions for "react" that matches "^0.0.0"
? Please choose a version of "react" from this list: (Use arrow keys)
> 18.0.0-rc.0-next-fe905f152-20220107
  18.0.0-rc.0-next-fe419346d-20220105
  18.0.0-rc.0-next-fa816be7f-20220128
  18.0.0-rc.0-next-f2a59df48-20211208
  18.0.0-rc.0-next-e28a0db22-20220124
  18.0.0-rc.0-next-e12a9dfc9-20220120
  18.0.0-rc.0-next-d3001fb6f-20211208
  18.0.0-rc.0-next-ceee524a8-20211217
  18.0.0-rc.0-next-cd4eb116c-20220207
  18.0.0-rc.0-next-c09596cc6-20220112
  18.0.0-rc.0-next-bcd24a670-20211221
  18.0.0-rc.0-next-aa8f2bdbc-20211215
  18.0.0-rc.0-next-9a7e6bf0d-20220111
  18.0.0-rc.0-next-848e802d2-20220204
  18.0.0-rc.0-next-811634762-20220110
(Move up and down to reveal more choices)

Check yarn.lock after installation, you should have:

react@^0.0.0:
  version "18.0.0-rc.0-next-fe905f152-20220107"
  resolved "https://registry.yarnpkg.com/react/-/react-18.0.0-rc.0-next-fe905f152-20220107.tgz#0dbc93be2b5ff5df4a353c74bbabfc97e47d8098"
  integrity sha512-eePjzo6pCiwk9iDRYG0Hn5F0p9e7dlLGIys/eeLUCxByHP90rsXg/H/842S6ggBgarcfvRtDu8cAU7kxfLC4MA==
  dependencies:
    loose-envify "^1.1.0"
    object-assign "^4.1.1"

4. run yarn again and get the following logs:

yarn install v1.22.5
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "react@^0.0.0". Ignoring it.
Couldn't find any versions for "react" that matches "^0.0.0"
? Please choose a version of "react" from this list: (Use arrow keys)
> 18.0.0-rc.0-next-fe905f152-20220107
  18.0.0-rc.0-next-fe419346d-20220105
  18.0.0-rc.0-next-fa816be7f-20220128
  18.0.0-rc.0-next-f2a59df48-20211208
  18.0.0-rc.0-next-e28a0db22-20220124
  18.0.0-rc.0-next-e12a9dfc9-20220120
  18.0.0-rc.0-next-d3001fb6f-20211208
  18.0.0-rc.0-next-ceee524a8-20211217
  18.0.0-rc.0-next-cd4eb116c-20220207
  18.0.0-rc.0-next-c09596cc6-20220112
  18.0.0-rc.0-next-bcd24a670-20211221
  18.0.0-rc.0-next-aa8f2bdbc-20211215
  18.0.0-rc.0-next-9a7e6bf0d-20220111
  18.0.0-rc.0-next-848e802d2-20220204
  18.0.0-rc.0-next-811634762-20220110
(Move up and down to reveal more choices)

Why this happens

The package react@0.0.0 does not exist on the npm registry, so yarn prompts a selector for the user to choose a valid version and take record of the resolved version in yarn.lock. However, the lock record is not valid, therefore the prompt appears when the user runs yarn the next time and every time in the future.

Expected Behavior

Yarn should behave more consistently in this scenario - the lock content generated is invalid, but the user is not supposed to manually change yarn.lock.
Although the package.json error in the repro steps is obvious, there are other scenarios where this error is not easy to debug, for example when using a private npm registry, and common versions of well-known packages don't necessarily exist. This is especially destructive when the yarn command needs to be ran in a automated pipeline where it's impossible for a user to choose an alternative version in the command line prompt.

Possible fixes

1. Remind the user to change package.json when the dependencies does not exist, so that yarn.lock will work properly after the first installation.
2. Optimize the log in step 4, which currently is:

warning Lockfile has incorrect entry for "react@^0.0.0". Ignoring it.
Couldn't find any versions for "react" that matches "^0.0.0"

Related Issues

#3817, #3817