Incorrect package install version

Question

Incorrect package install version

msaglietto opened this issue 8 years ago · 3 comments

Do you want to request a feature or report a bug?

Bug

What is the current behavior?
Running yarn with "bootstrap-loader": "^2.0.0-beta.20", install "bootstrap-loader": "^2.0.0-export.1",

If the current behavior is a bug, please provide the steps to reproduce.

Create the following package.json

{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "bootstrap-loader": "^2.0.0-beta.20"
  }
}

run yarn

What is the expected behavior?
Install version "bootstrap-loader": "^2.0.0-beta.20",
As npm does

Please mention your node.js, yarn and operating system version.
node v6.9.2
yarn v0.19.1

If you check the information on the package npm view bootstrap-loader versions dist-tags
versions: [ '0.0.1', ... '2.0.0-beta.20', '2.0.0-exports.1' ],
2.0.0-exports.1 is the last on the array of versions but the lastest version is
'dist-tags': { latest: '2.0.0-beta.20', 'ver0.1.0-beta1': '0.1.0-beta1' },

Answer 1 · 2017-10-26T13:26:28.000Z

Just tried this with Yarn 1.2.1 and it seems worse:

in package.json:

  "dependencies": {
    "bootstrap-loader": "^2.0.0-beta.20"
  }

then run yarn install

yarn.lock gets 2.2.0:

bootstrap-loader@^2.0.0-beta.20:
  version "2.2.0"

Answer 2 · 2017-10-26T13:34:29.000Z

On second thought, maybe this is correct in 1.2.1? According to NPM semver:

> const semver = require('semver');
> new semver.Range('^2.0.0-beta.20').range;
'>=2.0.0-beta.20 <3.0.0'
> semver.satisfies('2.2.0', '^2.0.0-beta.20');
true

I originally thought that because there was a -beta at the end, it would constrain the versions to only other pre-release tags, but I guess not.

NPM 5.5 also installs v 2.2.0 for this package.json, same as Yarn.

In that case, I think this is working as intended in Yarn v1.2.1.

If this is still an issue then it is likely due to the resolution of the prerelease tags, which has several duplicates open also, see #3560

Going to close this for now...

Answer 3 · 2018-06-20T01:30:47.000Z

Hi, I seem to have encountered the same problem.

In my case the webpack version is 4.3.0 in package.json and installed package is 4.12.0 in node_modules/webpack/package.json.

yarn version 1.7.0

If npm install the package installed is correct.

So I don't know if should I switch from npm to yarn.

Thanks for your help