Skip to content

Canary version build fetched when using pnpm/yarn 1 #3863

New issue
New issue
Closed
Closed
Canary version build fetched when using pnpm/yarn 1#3863
@hatchling13

Description

@hatchling13
hatchling13
opened on Mar 13, 2023

In a nutshell

When using pnpm or yarn classic as a package manager, a deprecated canary version build of graphql is resolved. This happens when you prefix the latest version with a tilde("~17.0.0-alpha.2") or a caret("^17.0.0-alpha.2") in package.json.

Details

I found this bug when I tried to follow the "Tutorial Intro" of the brand-new Relay Documentation. I can reproduce this by just initializing an empty package, add [email protected] as a dependency with the semver prefix(^ or ~), and hit pnpm install or yarn. I've tried this method in Windows 10 22H2(OS build 19045.2604) and macOS Ventura13.1

package.json

{
  "name": "graphql-resolve-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "graphql": "^17.0.0-alpha.2"
  }
}

pnpm 7.29.1(latest)

PS D:\Works\misc\graphql-pnpm-test> pnpm install
 WARN  deprecated graphql@17.0.0-alpha.2.canary.pr.3791.e6d3ec58026d75b71b7b84c3da5f376ec7eeca94: You are using canary version build from https://github.com/graphql/graphql-js/pull/3791, no gurantees provided so please use your own discretion.
Packages: +1
+
Packages are hard linked from the content-addressable store to the virtual store.
  Content-addressable store is at: D:\.pnpm-store\v3
  Virtual store is at:             node_modules/.pnpm
Progress: resolved 1, reused 1, downloaded 0, added 1, done

dependencies:
+ graphql 17.0.0-alpha.2.canary.pr.3791.e6d3ec58026d75b71b7b84c3da5f376ec7eeca94 deprecated

Done in 808ms

yarn 1.22.19(classic)

PS D:\Works\misc\graphql-pnpm-test> yarn install
yarn install v1.22.19
info No lockfile found.
[1/4] Resolving packages...
warning graphql@17.0.0-alpha.2.canary.pr.3791.e6d3ec58026d75b71b7b84c3da5f376ec7eeca94: You are using canary version build from https://github.com/graphql/graphql-js/pull/3791, no gurantees provided so please use your own discretion.
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 0.48s.

You can find the PR that published this canary version here.

Has anyone encountered the same situation as me, or is this intended?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions