如何使用`yarn`覆盖嵌套依赖项? [英] How do I override nested dependencies with `yarn`?

问题描述

如果我的包有这些依赖

{ "name": "my-package",依赖项":{foobar":~1.0.3"，baz":2.0.9"}

foobar 包有这些依赖

{ "name": "foobar",依赖关系":{baz":^2.0.0"}

而最近发布的baz版本是2.1.0，第一次运行yarn会安装baz@2.1.0 在 foobar/node_modules 中.

如何强制 yarn 使用 baz@2.0.9 包用于 foobar?

我的理解是，这可以使用 npm shrinkwrap(a la 这个问题).

<小时>

我的问题的总结可能是:Yarn 创建可重复的、确定性的安装，但我如何自定义该安装?

解决方案

如果您确实有一个子依赖项对其接受的版本过于严格，您可以使用纱.

更新 Yarn 现在，从 1.0 开始，正式支持分辨率"块.因此，覆盖分辨率的方法是将这样的块添加到 package.json:

决议":{"package-a": "2.0.0",包-b":5.0.0"，包-c":1.5.2"}

有时您会收到不兼容"版本的警告，但我发现某些软件包(如 socket.io)对它们接受的版本的限制过度，因此我很乐意选择最新版本，当它实际上没有破坏事物时.

下面的原始但过时的答案.

听起来最初的问题并不完全正确，但最初的问题实际上是我想要回答的问题，我找到了答案，所以这里是为了后代:>

我正在使用 socket.io 库，它有 component-emitter 作为依赖项.但它有一对它需要的版本.这是我更改任何内容之前 yarn.lock 文件的样子:

component-emitter@1.1.2:版本1.1.2"解决了https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.1.2.tgz#296594f2753daa63996d2af08d15a95116c9aec3"组件发射器@1.2.0:版本1.2.0"解决了https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.0.tgz#ccd113a86388d06482d03de3fc7df98526ba8efe"

所以它在我的客户端代码中包含了组件发射器的两个副本.我看了看，在 1.1.2 和 1.2.0(或当前的 1.2.1)之间似乎没有任何重大变化.我首先尝试更改 yarn.lock 文件:

component-emitter@1.2.1、component-emitter@^1.2.1、component-emitter@1.1.2:版本1.2.1"解决了https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.1.tgz#137918d6d78283f7df7a6b7c5a63e140e69425e6"

这行得通，但文件有关于它正在自动生成的警告，这意味着我添加的每个更新或新包都会踩到这个更改.稍微搜索一下发现了yarn --flat 选项，它会强制yarn 在整个项目中选择不超过一个包.这对我来说似乎有点矫枉过正，因为我确信新旧软件包之间存在不兼容的实际情况.我只是想从我的客户端代码中删除一个多余的包，使下载更小；我仍然希望开发包能够正常工作.

但在文档中 yarn --flat 我在 package.json 中找到了对resolutions"块的引用:

决议":{"package-a": "2.0.0",包-b":5.0.0"，包-c":1.5.2"}

所以我尝试将 "component-emitter" : "1.2.1" 放在 package.json 中一个新的resolutions"块中，它实际上将 component-emitter 扁平化为 1.2.1对于所有需要它的地方，现在我的客户端代码中只有一个副本.

(现在yarn完全支持resolutions块，所以你甚至不需要使用--flat.)

If my package has these dependencies

{ "name": "my-package",
  "dependencies": { "foobar":"~1.0.3", "baz":"2.0.9" }

And the foobar package has these dependencies

{ "name": "foobar",
  "dependencies": { "baz":"^2.0.0" }

and the most recently released version of baz is 2.1.0, the first run of yarn will install baz@2.1.0 in foobar/node_modules.

How do I force yarn to use the baz@2.0.9 package for foobar?

My understanding is that this would be possible using npm shrinkwrap (a la this question).

---

The summary of my question probably is: Yarn creates repeatable, deterministic installations, but how do I customize that installation?

解决方案

If you do in fact have a sub-dependency that is overly restrictive in what versions it will accept, you can override them using yarn.

UPDATED EDIT: Yarn now, as of 1.0, officially supports the "resolutions" block. So the way to override resolutions is to just add a block like this to package.json:

"resolutions": {
      "package-a": "2.0.0",
      "package-b": "5.0.0",
      "package-c": "1.5.2"
}

You'll get warnings for "incompatible" versions sometimes, but I find that some packages (like socket.io) are overly restrictive in what version they accept, and so I'll happily select the latest version when it doesn't actually break things.

Original but outdated answer below.

It sounds like the original question wasn't exactly correct, but the original question was in fact the one I wanted answered, and I found an answer, so here it is for posterity:

I'm using the socket.io library, and it has component-emitter as a dependency. But it has a pair of versions that it requires. This is what the yarn.lock file looked like before I changed anything:

component-emitter@1.1.2:
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.1.2.tgz#296594f2753daa63996d2af08d15a95116c9aec3"

component-emitter@1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.0.tgz#ccd113a86388d06482d03de3fc7df98526ba8efe"

So it was including two copies of the component emitter in my client code. I looked, and there didn't appear to be any breaking changes between 1.1.2 and 1.2.0 (or 1.2.1, which was current). I first tried just changing the yarn.lock file:

component-emitter@1.2.1, component-emitter@^1.2.1, component-emitter@1.1.2:
  version "1.2.1"
  resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.1.tgz#137918d6d78283f7df7a6b7c5a63e140e69425e6"

This worked, but the file has warnings about it being autogenerated, meaning that every single update or new package I add will stomp on this change. A bit of searching found the yarn --flat option, which will force yarn to choose no more than one of each package in the entire project. That seems like overkill to me, since I'm sure there are actual cases of incompatibility between older and newer packages. I just wanted to eliminate a redundant package from my client code, to make the download smaller; I still want the development packages to all work correctly.

But in the docs to yarn --flat I found a reference to a "resolutions" block that can go in package.json:

"resolutions": {
  "package-a": "2.0.0",
  "package-b": "5.0.0",
  "package-c": "1.5.2"
}

So I tried putting "component-emitter" : "1.2.1" in a new "resolutions" block in my package.json, and it in fact flattened component-emitter to 1.2.1 for all places that required it, and now I have only one copy in my client code.

(And now the resolutions block is completely supported in yarn, so you don't even need to use --flat.)

这篇关于如何使用`yarn`覆盖嵌套依赖项?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！