Posted in Uncategorized

Undeterministic version sort order in lockfile

   February 24, 2021  1 Comment on Undeterministic version sort order in lockfile

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

If a transitive dependency version is specified using X (e.g. 3.X.X) in multiple dependencies (and inconsistently, sometimes ‘x’) then lowercase and uppercase version are sorted randomly in the lockfile. This results in unwanted changes to the yarn.lock file (and git marking it dirty)

If the current behavior is a bug, please provide the steps to reproduce.

git clone https://github.com/csabapalfi/yarn-undeterministic-sort
yarn 
rm -rf node_modules && yarn

Repeat the last step a few times and you should see the yarn.lock file changing even if it doesn’t need to.

What is the expected behavior?

Depency version are always sorted the same way.

https://github.com/yarnpkg/yarn/blob/master/src/util/misc.js#L5 should work without lowercasing first but I’m not sure if any other usages of it depend on that.

Please mention your node.js, yarn and operating system version.

  • yarn: 0.16.1
  • node: v6.7.0, v6.9.0
  • OSX: 10.11.6, 10.12

Author: Fantashit

1 thought on “Undeterministic version sort order in lockfile

  1. Yikes – @bestander and I are getting different results for this snippet on different machines.

    var str = [
  'babel-plugin-transform-es2015-parameters@^6.5.0',
  'babel-plugin-transform-es2015-parameters@6.x',
  'babel-plugin-transform-es2015-parameters@^6.7.0',
  'babel-plugin-transform-es2015-parameters@^6.8.0',
  'babel-plugin-transform-es2015-parameters@~6.8.0',
  'babel-plugin-transform-es2015-parameters@6.8.0',
];

function sortAlpha(a, b) {
  // sort alphabetically
  return a.toLowerCase().localeCompare(b.toLowerCase());
}

console.log(str.slice().sort(sortAlpha))

Comments are closed.