Private github repository returns invalid package version #6195

Closed
@vinnymac

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

I have tested this behavior using the following versions of yarn:

  • 1.5.1
  • 1.6.0
  • 1.9.2

I receive the following output when trying to install my dependency tagged as 0.0.1

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#0.0.1
yarn add v1.9.2
[1/4] 🔍  Resolving packages...
error Can't add "myprivaterepo": invalid package version undefined.
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

If I try to use other tags, such as one with characters in them or non-semver compliant tags I get a slightly different message.

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#v2018.07.16
yarn add v1.9.2
[1/4] 🔍  Resolving packages...
error Can't add "myprivaterepo": invalid package version "2018.07.16".
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.

Trying to regenerate my yarn.lock file results in the same message above.

If I attempt to see if yarn can list my dependency using version 1.9.2 I see this

yarn list | grep myprivaterepo
├─ myprivaterepo@2018.7.16

The lockfile shows my dependency as it was generated by 1.3.2 as the following

"myprivaterepo@git+ssh://git@github.com/vinnymac/myprivaterepo.git#v2018.07.16":
  version "2018.7.16"
  resolved "git+ssh://git@github.com/vinnymac/myprivaterepo.git#60f0759d54cc7ddf9d4c5d55a8de3bbb71cff9e7"
  dependencies:
    chalk "^2.4.1"
    cors "^2.8.4"
    express "^4.16.3"
    http-proxy-middleware "^0.18.0"
    inquirer "^5.2.0"
    node-sass-utils "^1.1.2"
    request "^2.87.0"
    semver "^5.5.0"
    underscore.string "^3.3.4"
    url-regex "^4.1.1"

If the current behavior is a bug, please provide the steps to reproduce.

This is a private repository, otherwise I would share it with you. If you have access to private repositories you can try to create tags identical to the ones above, and see if it works the same for you. Maybe even adding the dependencies I do will help. If you have recommendations for what I can do to more easily create a reproduction, I am open to trying anything.

What is the expected behavior?

I have tested that the expected behavior functions properly using the following versions of yarn:

  • 0.24.6
  • 1.1.0
  • 1.2.1
  • 1.3.2

On these versions of yarn, it finds the package version and installs the dependencies as I would expect. The dependency is added to my yarn.lock file and I currently am using 1.3.2 until I find another version that suits my needs.

Please mention your node.js, yarn and operating system version.

System Details

NodeJS - v8.11.1 (I've tested v7 and v6 as well)
Yarn - v1.9.2
macOS - 10.13.6

I have been able to reproduce this on more than one machine; I attempted 5 different machines, and all were running 10.13 variants.

If this is a duplicate issue, I apologize as I tried to search through and see if anyone had anything similar posted, but could not find one.

rally25rs (Contributor) commented on Aug 1, 2018

I think the "version" it is complaining about is from package.json. Does your repo contain a package.json that has the version field?

vinnymac (Author) commented on Aug 1, 2018

@rally25rs looks like that is indeed what it is referring to.

For tag 0.0.1 my version is missing from the package.json, so that explains the undefined.

For tag v2018.07.16 my version in package.json is

"version": "2018.07.16",

Why does it say that 2018.07.16 is an invalid package version?
Do the tags and version need to be identical for yarn to function properly?
I can attempt that and see what happens.

EDIT:

So it looks like they don't need to be identical, but they have to be semver? I tried

> yarn add git+ssh://git@github.com/vinnymac/myprivaterepo.git#v0.8.0

and it installed version myprivaterepo@0.8.0 where the package.json version was 0.8.0 using v1.9.2 of yarn.

rally25rs (Contributor) commented on Aug 1, 2018

Ah, so it looks like official semver doesn't consider 07 to be valid.

According to npm's semver package:

~/Projects/yarn-test 🐒   yarn add semver
yarn add v1.7.0
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
success Saved 1 new dependency.
info Direct dependencies
└─ semver@5.5.0
info All dependencies
└─ semver@5.5.0
✨  Done in 0.79s.

~/Projects/yarn-test 🐒   node
> const s = require('semver')
undefined
> s.valid('2018.07.16')
null
> s.valid('2018.7.16')
'2018.7.16'

This is what is leading to the message

invalid package version "2018.07.16".
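
Added example (not part of the original thread, and not yarn's or node-semver's code): a self-contained check that reproduces the two failures diagnosed above, a missing version field and a zero-padded numeric part, using the regular expression suggested on semver.org. The helper name diagnoseVersion and the sample manifests are hypothetical and constructed for illustration.

```javascript
// Added example, not yarn's or node-semver's code. Strict SemVer 2.0.0 pattern
// as suggested on semver.org: numeric identifiers may not be zero-padded.
const SEMVER_RE = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;

// Hypothetical helper: say why a package.json "version" would be rejected,
// instead of a bare "invalid package version".
function diagnoseVersion(manifest) {
  const version = manifest.version;
  if (version === undefined) {
    return { ok: false, reason: "missing 'version' field in package.json" };
  }
  if (typeof version !== 'string') {
    return { ok: false, reason: "'version' must be a string" };
  }
  if (SEMVER_RE.test(version)) {
    return { ok: true, version };
  }
  // Split MAJOR.MINOR.PATCH from any -prerelease / +build suffix.
  const coreText = version.split(/[-+]/)[0];
  const suffix = version.slice(coreText.length);
  const core = coreText.split('.');
  const padded = core.filter((part) => /^0\d+$/.test(part));
  if (core.length === 3 && core.every((p) => /^\d+$/.test(p)) && padded.length > 0) {
    // Strip the padding as text so large numbers are not rounded.
    const fixed = core.map((p) => p.replace(/^0+(?=\d)/, '')).join('.') + suffix;
    const result = { ok: false, reason: `leading zero in "${padded.join('", "')}"` };
    if (SEMVER_RE.test(fixed)) result.suggestion = fixed;
    return result;
  }
  return { ok: false, reason: 'not a MAJOR.MINOR.PATCH semver string' };
}

// Constructed manifests mirroring the three tags discussed in the thread.
const samples = [
  { name: 'myprivaterepo' },                        // tag 0.0.1: no version
  { name: 'myprivaterepo', version: '2018.07.16' }, // tag v2018.07.16
  { name: 'myprivaterepo', version: '0.8.0' },      // tag v0.8.0
];
for (const manifest of samples) {
  console.log(manifest.version, '->', JSON.stringify(diagnoseVersion(manifest)));
}
```
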

vinnymac (Author) commented on Aug 1, 2018

I think the following improvements could be made to yarn in that case.

  1. For the tag 0.0.1 it could have instead said could not find field 'version' in package.json, which is much clearer in my opinion.
  2. For non-semver versions, I think it would be a worthwhile improvement to state somewhere in the docs that only semver versions are supported. If you attempt to use a non-semver version, it could instead say why it is an invalid package version.
  3. Installing dependencies with non-semver versions in NPM works fine, so it is a bummer that it stopped working here.

As a side note this appears to be related to npm/node-semver#232

lieutenantken commented on Jun 8, 2020

@vinnymac You are a god or at least a lower deity for discovering that package.json requirement for version! THANK YOU

ltfschoen commented on Jun 29, 2020

I'm using yarn v1.22.4.
I tried to modify a dependency of my repo here https://github.com/DataHighway-DHX/faucet/blob/master/package.json#L21 to be a branch of another Github repo by changing it to "@truffle/hdwallet-provider": "git://github.com/ltfschoen/truffle.git#14.0.6", and alternatively I also tried running yarn add git://github.com/ltfschoen/truffle.git#14.0.6. I tried replacing #14.0.6 with #v14.0.6 and master and develop (branches), but all return output:

error Couldn't find match for "14.0.6" in "refs/heads/alphaTez, ... refs/tags/@truffle/hdwallet-provider@1.0.36, ..."

But if I then run instead yarn add git://github.com/ltfschoen/truffle.git#refs/tags/@truffle/hdwallet-provider@1.0.36, it fails with the same error.
Note that @truffle/hdwallet-provider is a package within the https://github.com/ltfschoen/truffle repository (i.e. https://github.com/ltfschoen/truffle/blob/develop/packages/hdwallet-provider/package.json)

augnustin commented on Mar 23, 2021

Fixed this issue by adding #master at the end of the git URL.

yaizudamashii commented on Jul 26, 2021

I see this issue with valid semver
"google-caja-bower": "https://github.com/acburdine/google-caja-bower#ghost",

and the project's package.json's version is "6011.0.0"

rally25rs (Contributor) commented on Jul 26, 2021

@yaizudamashii I do not get an error when using that github reference as a dependency.

~/Projects/yarn-test 🐒   cat package.json
{
  "name": "yarn-test",
  "version": "1.0.0",
  "main": "index.js",
  "license": "MIT",
  "dependencies": {
    "google-caja-bower": "https://github.com/acburdine/google-caja-bower#ghost"
  }
}

~/Projects/yarn-test 🐒   yarn install
yarn install v1.22.5
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 🔨  Building fresh packages...

✨  Done in 0.07s.

~/Projects/yarn-test 🐒   ls node_modules/
google-caja-bower

rally25rs (Contributor) commented on Jul 26, 2021

Closing this issue as the original cause was found to be a missing version in package.json, or a version whose value is not valid according to the semver library.

felicio commented on Feb 17, 2023

> I'm using yarn v1.22.4. I tried to modify a dependency of my repo here https://github.com/DataHighway-DHX/faucet/blob/master/package.json#L21 to be a branch of another Github repo by changing it to "@truffle/hdwallet-provider": "git://github.com/ltfschoen/truffle.git#14.0.6", and alternatively I also tried running yarn add git://github.com/ltfschoen/truffle.git#14.0.6. I tried replacing #14.0.6 with #v14.0.6 and master and develop (branches), but all return output:
>
> error Couldn't find match for "14.0.6" in "refs/heads/alphaTez, ... refs/tags/@truffle/hdwallet-provider@1.0.36, ..."
>
> But if I then run instead yarn add git://github.com/ltfschoen/truffle.git#refs/tags/@truffle/hdwallet-provider@1.0.36, it fails with the same error. Note that @truffle/hdwallet-provider is a package within the https://github.com/ltfschoen/truffle repository (i.e. https://github.com/ltfschoen/truffle/blob/develop/packages/hdwallet-provider/package.json)

@ltfschoen please, were you able to resolve your use case? In my case, yarn@1.22.19 throws for a package whose repository is a forked monorepo. Using npm@8.19.2 works fine.
