Allow selective resolution of top-level dependencies

[jacobq]

Do you want to request a feature or report a bug?
I am actually not sure whether this is a request for a new feature or a bug because the documentation seems ambiguous to me.

What is the current behavior?
If I have a project whose package.json specifies devDependencies.something = '1.0.0' and resolutions.something = 'https://github.com/user/repo.git#commit-hash' and run yarn then the installed node_modules will reflect the 1.0.0 specification and not honor the resolution.

What is the expected behavior?
I would've expected yarn to override the specification using the resolution.

You may be wondering, "Why not just specify that requirement directly?" Well, the answer is that in this case it breaks code outside of my control: electron-forge requires the consumer to specify an "exact version" of electron-prebuilt-compile, but the author of the electron-prebuilt-compile package has not yet published an up-to-date release on npm, so I would like to use my fork instead.

System info:

$ yarn -v
1.6.0-20180309.0951
$ uname -a
Linux fractal 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

[rally25rs]

Resolutions currently only apply to transitive deps, not direct ones (because if you needed to resolve your direct dep, then you would just set it that way instead of use a resolution).

I don't see much of a way around the exact version check by electron-forge. You could fork electron-forge and remove the check, but that seems like a lot of effort. Not sure how else to work around that.

I'll tag this as a feature request, but it's certainly a bit of an odd case to be forced to use a specific version but not actually want that version. You are welcome to work up a PR if you have the time... of course forking electron-forge to modify their script would probably be easier than adding the feature to yarn 😆

[jacobq]

Fair enough (and actually I did start an electron-forge PR too, but it'll be a while before that makes its way into my projects). Would you perhaps consider updating the "Selective dependency resolutions" docs to reflect your comments just now (or sharing a better reference than the page I linked above if they already exist somewhere)?

Yarn supports selective version resolutions, which lets you define custom package versions inside your dependencies through the resolutions field in your package.json file.

☝️ does not make it clear that resolutions currently only apply to transitive dependencies.

As for my immediate needs, I guess I'm just going to wait for electron-prebuilt-compile to get updated. Otherwise I might find myself taking things to the next level of craziness like setting up my own, local npm registry to work around this 😈

[MarshallOfSound]

@jacobq Which version of electron-prebuilt-compile do you need?

[jacobq]

@MarshallOfSound Any 2.x newer than 2.0.0-beta.1, latest beta prefered. (See electron-userland/electron-prebuilt-compile#61 and electron-userland/electron-prebuilt-compile#58)