Yarn.lock patch #46
Yarn.lock patch #46
Conversation
|
/cc @chrismwendt |
|
@zimbatm so the idea behind this is to offer this as an extra binary that people can use to fix their yarn.lock? |
|
yeah but it's a bit hackish. We should probably ask upstream to fix that |
|
When I run @@ -67,6 +72,6 @@ let json = lockfile.parse(file)
var pkgs = values(json.object);
Promise.all(pkgs.map(updateResolvedSha1)).then(() => {
- let fileAgain = lockfile.stringify(json);
+ let fileAgain = lockfile.stringify(json.object);
console.log(fileAgain);
}) |
bin/yarn2nix-fix-sha1.js
Outdated
| }; | ||
|
|
||
| function updateResolvedSha1(pkg) { | ||
| let [url, sha1] = pkg.resolved.split("#", 2) |
There was a problem hiding this comment.
This fails on local file dependencies. For example, here's a dependency from yarn.lock without a resolved field:
gojs@./lib/gojs:
version "1.7.14"
Returning early works: if (!pkg.resolved) { return Promise.resolve(); }
There was a problem hiding this comment.
thanks! I don't think that local dependencies are supported right now but it's not an excuse to break the generation. Fixed in c2962f2
|
Thanks @chrismwendt |
|
@zimbatm could you add a small section on the README.md? Bullet-point style docs are fine with me. We should just hint to people that this is possible in. |
|
Do you also need to change this part now that there's a --- a/bin/yarn2nix.js
+++ b/bin/yarn2nix.js
@@ -64,7 +64,7 @@ function yarnToAst(lockedDependencies) {
if (/codeload.github.com.*tar.gz\//.test(dep["resolved"])) {
url = dep["resolved"];
sha1 = cp.execSync("curl -sS " + url + " | shasum | cut -d \" \" -f 1").toString().trim();
- var matches = /tar.gz\/(.*)/.exec(url);
+ var matches = /tar.gz\/(.*)#/.exec(url);
file_name = matches[1];
} else {
url = dep["resolved"].split("#")[0]; |
|
actually this part can be skipped now that we have the hash |
|
I am going to integrate this into the main yarn2nix executable.
What do you think? |
For resources loaded directly from github, add the missing SHA1 when invoking yarn2nix. yarn doesn't touch entries unless they are modified directly so it should only be needed when bumping the dependencies directly. Ideally this would be supported by upstream.
zimbatm
force-pushed
the
yarnlock-fix
branch
from
c2962f2
to
a9cf17c
Compare
|
This change breaks backward-compatibility as the lockfile is now passed as a value to the |
In some cases like for github dependencies, the yarn.lock resolved url is generated without the sha1. This prevents yarn2nix to do it's magic. #45 is related to that.
This script goes over all the resolved urls and adds back the sha1 if it's missing. Yarn seems to not mind the additional sha1 and will only remove it if that dependency gets bumped.
Right now it's just a prototype. Ideally this should be pushed upstream so that yarn generates yarn.lock files that are useful to us directly.