-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Created VSIX via vsce package --yarn
does not include not-hoisted deep dependency
#432
Comments
The same for me too. Extension cannot be package neither by npm ERR! missing: @babel/parser@7.10.2, required by hegel-language-server@0.0.43
npm ERR! missing: @babel/plugin-proposal-class-properties@7.10.1, required by hegel-language-server@0.0.43
npm ERR! missing: @babel/plugin-proposal-nullish-coalescing-operator@7.10.1, required by hegel-language-server@0.0.43 And so on. |
We faced the same issue with ProblemThe correct For our extension, this happens because we have two different versions of Example projectThe steps that follow can reproduce the issue reliably on
Possible fixesThe issue is in the flattening logic. When we remove the version and then "ignore" all other versions we are potentially using incorrect dependencies. The only way to prevent this is IMO honouring the dependency structure given by yarn and not attempting to flatten it. This can result in very subtle and hard to debug issues. Or production incidents |
How about always using npm instead of yarn for dependency resolution if vsce was using npm >= v7? npm v7 can generate fully deterministic dependency tree based on Someone may feel like a bit strange to use npm even if running |
Let me write down I met this trouble in our extension marp-vscode again. How to reproduce:
The following error would output to developer console if tried to activate created VSIX.
It can fix by adding |
We have the same problem when publish Vetur. |
Any updates on this issue? I have the same problem here, downgrade to 1.76 still seems not to work. |
`semver` is a prod dependency of `vscode-languageclient`. In the old build pipeline, `vscode-languageclient` is declared in `client/package.json`. When yarn installs dependencies in the `client` directory, it will put `semver` next to `vscode-languageclient` in `client/node_modules`. In the new build pipeline, `vscode-languageclient` is declared in root `package.json`. When yarn installs dependencies in the root directory, it chooses not to hoist `semver`, instead puts it in a nested node_modules under `node_modules/vscode-languageclient/node_modules`. There is a bug in vsce that causes it to ignore nested `node_modules`, resulting in a `vsix` build that is broken. The issue is trackeed [here](microsoft/vscode-vsce#432), but it does not look like a fix will come any time soon. For now we should install our dependencies using NPM.
`semver` is a prod dependency of `vscode-languageclient`. In the old build pipeline, `vscode-languageclient` is declared in `client/package.json`. When yarn installs dependencies in the `client` directory, it will put `semver` next to `vscode-languageclient` in `client/node_modules`. In the new build pipeline, `vscode-languageclient` is declared in root `package.json`. When yarn installs dependencies in the root directory, it chooses not to hoist `semver`, instead puts it in a nested node_modules under `node_modules/vscode-languageclient/node_modules`. There is a bug in vsce that causes it to ignore nested `node_modules`, resulting in a `vsix` build that is broken. The issue is trackeed [here](microsoft/vscode-vsce#432), but it does not look like a fix will come any time soon. For now we should install our dependencies using NPM.
`semver` is a prod dependency of `vscode-languageclient`. In the old build pipeline, `vscode-languageclient` is declared in `client/package.json`. When yarn installs dependencies in the `client` directory, it will put `semver` next to `vscode-languageclient` in `client/node_modules`. In the new build pipeline, `vscode-languageclient` is declared in root `package.json`. When yarn installs dependencies in the root directory, it chooses not to hoist `semver`, instead puts it in a nested node_modules under `node_modules/vscode-languageclient/node_modules`. There is a bug in vsce that causes it to ignore nested `node_modules`, resulting in a `vsix` build that is broken. The issue is trackeed [here](microsoft/vscode-vsce#432), but it does not look like a fix will come any time soon. For now we should install our dependencies using NPM.
`semver` is a prod dependency of `vscode-languageclient`. In the old build pipeline, `vscode-languageclient` is declared in `client/package.json`. When yarn installs dependencies in the `client` directory, it will put `semver` next to `vscode-languageclient` in `client/node_modules`. In the new build pipeline, `vscode-languageclient` is declared in root `package.json`. When yarn installs dependencies in the root directory, it chooses not to hoist `semver`, instead puts it in a nested node_modules under `node_modules/vscode-languageclient/node_modules`. There is a bug in vsce that causes it to ignore nested `node_modules`, resulting in a `vsix` build that is broken. The issue is trackeed [here](microsoft/vscode-vsce#432), but it does not look like a fix will come any time soon. For now we should install our dependencies using NPM.
- package using npm (microsoft/vscode-vsce#432) - add .vscodeignore - remove invalid import
Err, open 2 for years, still not fixed? Have two dependencies with different
But only one dependency is present in vsix file:
I'm in awe actually, either say that you don't really support yarn or fix it. |
Think about a simple package like this, developed with yarn 1.22.4:
The creation of extension through
yarn vsce package --yarn
will success, but will fail to activate in VS Code.It would work correctly if created through npm with
yarn vsce package
.I've compared the structure in both of VSIX archives, and noticed the VSIX from yarn has included only a dependency
entities@1.1.2
hoisted from devDependenciess (vsce
->markdown-it@8.4.2
->entities@1.1.2
).Look at the difference of the structure about
entities
package.The extension expects to use a not-hoisted
entities@2.0.0
in dependencies (markdown-it@10.0.0
->entities@2.0.0
), notentities@1.1.2
in vsce's devDependency.In fact, there is not-hoisted
entities@2.0.0
in/node_modules/markdown-it/node_modules
while development even if installed packages by yarn. I suppose the process of packaging via yarn has some wrong.Workaround
An available workaround is just using npm by omit
--yarn
.However, it has not a worth in a few case. The author of extension has to use
--yarn
if usingresolutions
field (only supported in yarn), for resolving some vulnerabilities in deep dependency.vsce package
via npm would throw an error due to the different structure ofnode_modules
between npm and yarn.For example, the following is to fix a vulnerability in deep dependency of Puppeteer v2.1.0 by yarn.
vsce package
using npm will fail by the different structure.Sometimes I've met this trouble in the extension developed by me: marp-team/marp-vscode#35, marp-team/marp-vscode#130 (comment)
UPDATE: npm v7 has shipped with support for
yarn.lock
and can generate fully deterministic dependency tree. Just using npm v7 might not need to worry about incorrect packaging.The text was updated successfully, but these errors were encountered: