Installing node modules without a version

[alexwilson]

Do you want to request a feature or report a bug?
bug

What is the current behavior?
Currently if I install a private module, via git/github, the next time yarn.lock is regenerated it will set the version to an empty string e.g.:

thing@semver:
  version ""

If the current behavior is a bug, please provide the steps to reproduce.

sh-3.2$ ls
node_modules	package.json
sh-3.2$ cat package.json
{
  "dependencies": {
    "@test/test": "antoligy/private-npm-package"
  }
}

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
info No lockfile found.
warning No license field
[1/4] 🔍  Resolving packages...
[2/4] 🚚  Fetching packages...
[3/4] 🔗  Linking dependencies...
[4/4] 📃  Building fresh packages...
success Saved lockfile.
✨  Done in 2.38s.

sh-3.2$ yarn
yarn install v1.3.2
warning package.json: No license field
warning No license field
[1/4] 🔍  Resolving packages...
error Package "@test/test@" doesn't have a "version".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
sh-3.2$

What is the expected behavior?
It should resolve to a version of 0.0.0 (as happens on initial install), allowing for the private module to continue to be resolved. This is for continuity and especially useful with migration away from bower to yarn via bower-away.

Please mention your node.js, yarn and operating system version.

macOS High Sierra

$ yarn -v
1.3.2
$ node -v
v8.9.1

[rally25rs]

As a workaround I assume you can just set a version in your package.json file (or copy/paste it from bower.json to package.json if moving from Bower).

[alexwilson]

Yeah! For the meantime, I've been doing that and it's working okay (sorry I didn't put anything to that effect in the description!).

I've submitted a few PRs to repositories where this is the case (as it is a required property in the package.json spec) however there are no guarantees that they'll all get addressed. On reflection, this issue is super esoteric as it should only really affects bower components using package.json to manage their dev tooling!

[yrral86]

It looks like with this #5318 installation will start to fail. It seems to me it would be better to show a warning and then use 0.0.0 as the version. There are hundreds of dependencies (mostly polymer components) that do not have a version field. Yes, it is a required part of the spec, but breaking existing workflows doesn't seem like a good idea. Yarn works fine and uses a version of 0.0.0 when there is no package.json.

[Lesha-spr]

Any updates on this?

[lbayerl]

Is there any update/workaround for this?

[rally25rs]

no update. As this is an open source project, anyone can pick it up and make a PR to fix this issue. I thought there used to be come somewhere in yarn that would set a missing version to 0.0.0 but maybe it was changed at some point.

[Jabster28]

I thought there used to be come somewhere in yarn that would set a missing version to 0.0.0 but maybe it was changed at some point.

Looks like this line is supposed to do that

[meramsey]

Is there still no update on this very?

Very frustrating there is no way to install via yarn and hence cannot install packages to patch them if they omit the version in monorepo main package.json.