Skip to content

mtlewis/snyk-backstage-plugin-minimal-repro

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
.yarn
.yarn
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.yarnrc.yml
.yarnrc.yml
 
 
README.md
README.md
 
 
backstage.json
backstage.json
 
 
package.json
package.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

snyk-nodejs-lockfile-parser parsing issue minimal repro

This repository demonstrates an issue with parsing yarn lockfiles when using custom plugins that transform version ranges. The repository includes:

  • A vendored installation of yarn 4.5.1
  • The Backstage yarn plugin
  • A dependency on an arbitrary @backstage package, using the backstage:^ version range, support for which is provided by the above plugin.
    • Note that this version range is converted to backstage:1.32.5 in yarn.lock.

To reproduce the issue:

  1. Clone the repo
  2. yarn install
  3. yarn repro (note that this command simply runs src/index.js with node)
  4. Note the OutOfSync error.

Note: If you wish to confirm the minified code in this repo is free of malware, you can recreate the contents of .yarn from scratch by removing the .yarn directory and running the following commands:

  1. yarn set version stable to vendor the latest stable release of yarn
  2. yarn plugin import https://versions.backstage.io/v1/tags/main/yarn-plugin to install the latest stable version of the official Backstage yarn plugin.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages