Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yarn doesn't properly check integrity if node_modules is cached #380

Closed
glebec opened this issue Mar 6, 2017 · 3 comments
Closed

Yarn doesn't properly check integrity if node_modules is cached #380

glebec opened this issue Mar 6, 2017 · 3 comments

Comments

@glebec
Copy link

glebec commented Mar 6, 2017

Yarn has a significant bug, as I mention on yarnpkg/yarn#2240 (comment): yarn install / yarn currently does not do a proper integrity check of the node_modules folder. If there's already a node_modules (containing a yarn.integrity), and the content of those node_modules is changed (or packages are moved between dependencies and devDependencies) without going through yarn or npm itself, then doing a yarn install will claim everything is up to date, even if that is false.

This impacts heroku-buildpack-nodejs because this buildpack caches node_modules and copies it in on deployment. If packages have moved from devDependencies to dependencies, the yarn installation step falsely claims everything is already up to date (even though there are actually missing deps), the project is built, and anything that uses those new dependencies will throw an error.

This can be mitigated in the meantime by turning off caching, meaning node_modules is not restored, which in turn means that yarn will re-generate node_modules from scratch (possibly using its own cache, which is fine and should still be more performant than npm).

heroku config:set NODE_MODULES_CACHE=false

Ideally of course, yarn will be fixed, in which case heroku-buildpack-nodejs should work fine as-is (at least as far as this issue is concerned). In the meantime:

  • individual users may disable caching as mentioned above
  • this buildpack might automatically disable node_modules caching for projects with a yarn.lock as a temporary workaround

Possibly related issues: #372, #377
@glebec glebec mentioned this issue Mar 6, 2017
Closed
@hunterloftis
Copy link
Contributor

Hi @glebec thanks for the issue - we have already tried replacing node_modules caching with yarn's global cache; however, that caused such enormous build time increases for the majority of users that we reverted it.

Users who run into this issue with yarn can opt-out of caching either temporarily or permanently, but disabling it for everyone wasn't a successful option.

@glebec
Copy link
Author

glebec commented Mar 6, 2017

Thanks for the context @hunterloftis. Let's all hope for yarn to get fixed soon.

@imbstack imbstack mentioned this issue Mar 13, 2017
Merged
@glebec
Copy link
Author

glebec commented May 11, 2017

@hunterloftis — apparently there is an undocumented yarn install --check-files option which may fix this? See yarnpkg/yarn#2240 (comment).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hunterloftis @glebec