'lerna add' creates dependency on '^undefined' tag if package.json is missing version

[DLehenbauer]

If package 'foo' does not have a "version" field in it's package.json, lerna add foo --scope bar will add the following to bar's package.json:

  "dependencies": {
    "foo": "^undefined",
  }

...and then crash, leaving the project in a broken state until the invalid tag is manually cleaned up.

Expected Behavior

Verify that version is valid before modifying package.json and emit a polite error if necessary.

Current Behavior

$ npx lerna add foo --scope bar
lerna notice cli v3.5.0
lerna ERR! Error: Invalid tag name "^undefined": Tags may not have any characters that encodeURIComponent encodes.
lerna ERR!     at invalidTagName (.../node_modules/npm-package-arg/npa.js:87:15)
lerna ERR!     at fromRegistry (.../node_modules/npm-package-arg/npa.js:290:13)
lerna ERR!     at Function.resolve (.../node_modules/npm-package-arg/npa.js:77:12)
lerna ERR!     at Object.keys.forEach.depName (.../node_modules/@lerna/package-graph/index.js:109:30)
lerna ERR!     at Array.forEach (<anonymous>)
lerna ERR!     at PackageGraph.forEach (.../node_modules/@lerna/package-graph/index.js:103:38)
lerna ERR!     at Map.forEach (<anonymous>)
lerna ERR!     at new PackageGraph (.../node_modules/@lerna/package-graph/index.js:92:10)
lerna ERR!     at chain.then.packages (.../node_modules/@lerna/command/index.js:237:27)
lerna ERR! lerna Invalid tag name "^undefined": Tags may not have any characters that encodeURIComponent encodes.

$npx lerna bootstrap
(same as above)

Possible Solution

Seems like a pretty easy fix to vet version before modifying bar/package.json

Steps to Reproduce (for bugs)

1. Start w/a simple lerna repro
2. Remove "version" filed from one package's package.json
3. Add a new dependency via 'npx lerna add foo --scope bar'
4. Note that `npx lerna bootstrap' also now fails.

lerna.json

{
  "packages": [
    "packages/*",
  ],
  "version": "0.1.0"
}

Context

Small amount of time figuring out the cause of the error (foo/package.json), followed by a small amount of time figuring out that (bar/package.json) had been modified/corrupted.

Your Environment

Executable	Version
lerna --version	3.5.0
npm --version	5.6.0
node --version	v8.11.4

OS	Version
NAME	VERSION
macOS Sierra	10.13.6

[evocateur]

Ugh, I wish I never allowed a lerna-managed package.json to omit the version field. It's a dirty hack for people who don't want to version private packages (which is irrelevant anyway because they're never published). I agree lerna add should validate that for a local package.

[lock]

This thread has been automatically locked because there has not been any recent activity after it was closed. Please open a new issue for related bugs.