Dependency atlassian-forks/fs-write-stream-atomic pulls directly from GitHub and conflicts with firewalls

[matticoli]

🐛 bug report

Duplicate copy of fs-write-stream-atomic in dependency tree pulls directly from a fork on GitHub, and thus can not be installed in environments where installing dependencies from source is not supported

The problematic dependency in yarn.lock:
fs-write-stream-atomic@github:atlassian-forks/fs-write-stream-atomic

parcel/yarn.lock

Line 6197 in 149c00b

"fs-write-stream-atomic@github:atlassian-forks/fs-write-stream-atomic#4edf1a95433a9936229c7f768c9ea9bb5884b487":

The original package, also present in yarn.lock:
fs-write-stream-atomic@^1.0.8

parcel/yarn.lock

Line 6187 in 149c00b

fs-write-stream-atomic@^1.0.8:

At first glance, this was possibly introduced in #4625 which notes that a fork of fs-write-stream-atomic was used. It references the following dependency:

parcel/packages/core/fs/package.json

Line 19 in 149c00b

"fs-write-stream-atomic": "github:atlassian-forks/fs-write-stream-atomic#4edf1a95433a9936229c7f768c9ea9bb5884b487",

🎛 Configuration (.babelrc, package.json, cli command)

N/A as this is a dependency issue when installing parcel@next

🤔 Expected Behavior

Parcel v2 is successfully added to the local project

😯 Current Behavior

Running npm install parcel@next yields the following error:

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t ssh://git@github.com/atlassian-forks/fs-write-stream-atomic.git
npm ERR!
npm ERR! ssh: connect to host github.com port 22: Resource temporarily unavailable
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128

The environment being used can not install dependencies directly from GitHub for security reasons. The same package installs without issues via the package repository

💁 Possible Solution

Remove duplicate of fs-write-stream-atomic from dependency tree and replace it with a published copy of the package. Admittedly I'm not quite sure how to go about this or what it entails, and I understand it may not be trivial. This may very well just be blocked until npm/fs-write-stream-atomic#22 is merged and the changes in #4625 no longer require a modified version of fs-write-stream-atomic

🔦 Context

This makes parcel unusable in a company setting where packages are installed via an internal artifactory, and can not be pulled directly from GitHub. Not sure how common practice this is but I would assume there is a nonzero number of companies that sandbox their environments in this manner.

🌍 Your Environment

Software	Version(s)
Parcel	2.0.0-alpha.3.2
Node	v12.14.1
npm/Yarn	npm 6.13.4
Operating System	RHEL 7.7 and Ubuntu 18.04.3

[mischnic]

This may very well just be blocked until npm/fs-write-stream-atomic#22 is merged

We are rather pessimistic that that PR will be merged in the near future...

[minimusubi]

I (and one other, on a different machine in a different location) also see this when installing using yarn 2.x with yarn add parcel@next. I don't think it has anything to do with a firewall.

➤ YN0013: │ fs-write-stream-atomic@https://github.com/atlassian-forks/fs-write-stream-atomic.git#commit=4edf1a95433a9936229c7f768c9ea9bb5884b487 can't be found in the cache and will be fetched from GitHub
➤ YN0032: │ @parcel/source-map@npm:2.0.0-alpha.4.11: Implicit dependencies on node-gyp are discouraged
➤ YN0032: │ @parcel/watcher@npm:2.0.0-alpha.5: Implicit dependencies on node-gyp are discouraged
j [HTTPError]: Response code 404 (Not Found)
    at i.<anonymous> (C:\Users\User\Workspace\test\.yarn\releases\yarn-berry.js:10:403654)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  code: undefined,
  timings: undefined
}

[mischnic]

Maybe it's a bug in Yarn 2?
(Anyway, we'll most likely put that package into the parcel monorepo and publish it to npm as well)