[Bug] dlx on packages with a single binary doesn't execute it if the name doesn't match the package

[IT-CASADO]

• I'd be willing to implement a fix

Describe the bug

I cannot run yarn dlx @yarnpkg/pnpify --sdk vscode with a private registry on Azure Artifacts.

Internal Error: Binary not found (pnpify) for root-workspace-0b6124@workspace:.

To Reproduce (Sherlock)

const installPromise = packageJsonAndInstall({
  dependencies: {
  },
});

// arrange private registry
await yarn(`config`, `set`, `npmRegistryServer`, `https://pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry`);

await yarn(`config`, `set`, `npmRegistries["//pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"].npmAlwaysAuth`, `true`);
await yarn(`config`, `set`, `npmRegistries["//pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"].npmAuthIdent`, `eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=`);

// act
const output = await yarn(`dlx`, `@yarnpkg/pnpify`, `--sdk`, `vscode`);

// assert
expect(output).not.stringContaining(`Internal Error: Binary not found (pnpify) for root-workspace`);

To Reproduce (Manual)

1. .yarn.yml

npmRegistries:
  //pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry:
    npmAlwaysAuth: true
    npmAuthIdent: eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=

npmRegistryServer: "https:////pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"

2. package.json

{
  "name": "SomeProject",
  "description": "Some project",
  "license": "MIT",
  "author": "Author",
  "version": "0.0.1",
  "devDependencies": {
    "typescript": "^4.0.3"
  }
}

Or use this GITHUB repository: https://github.com/IT-CASADO/yarn_issue_2013_repro

Side notes
My authentication must be fine, because I can run yarn npm publish without any errors and I can see the published package on my private repository.

The used registry on Azure and the token (read-only) exists only for this bug. So there is no security issue here!

Using the default NPM repository works fine for me.

Environment if relevant (please complete the following information):

• OS: [Windows]
• Node version [10.18.3]
• Yarn version [2.3.3]

[darthtrevino]

This occurs on any project where the monorepo root has private: true

[IT-CASADO]

This occurs on any project where the monorepo root has private: true

I'm using the wrong word "repository"! My repository is public, but I'm using a private registry (Azure Artifacts).
Sorry for the confusion!

[darthtrevino]

I'm just saying that I ran into this on a project that was using a public registry. I don't think the Azure piece was triggering this bug.

Removing 'private: true' from the top level package before installing the SDKs was a usable workaround

[arcanis]

I'll need a repro, because it works here (tested on this very repository).

[darthtrevino]

https://github.com/darthtrevino/yarn_issue_2013_repro

[darthtrevino]

So it looks like this repro works as expected if you add 'typescript' as a devDependency. Yesterday the behavior I was seeing was that it would behave like this even with TypeScript as a devDependency.

I could be wrong though, maybe I'm gaslighting myself.

I remember for sure removing "private: true", and then the SDKs rolled in.

[darthtrevino]

It would be nice if you could tool SDKs through the CLI, maybe something like

yarn dlx @yarnpkg/pnpify --sdk vscode --toolchain typescript prettier

In my projects I'm driving prettier through a build package, not as a direct dep. In order to get the Yarn SDK I need to add prettier as a devDep temporarily.

[IT-CASADO]

Hi all, thanks for quick response.

I'm currently preparing some stuff in my Azure Devops (private registry for a dedicated user so that I can create a npmAuthIdent that I can make public.

I will use your repository for this by changing the configuration...

[IT-CASADO]

I cloned your repository and added following to .yarn.yml:

npmRegistries:
  //pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry:
    npmAlwaysAuth: true
    npmAuthIdent: eWFybi1idWdzOnM2Z2o3b3IzZGNicTY1cHVyZHdoZ282bnNoNnljZHRzMm43ZXZ3dG55YW8zc2lmb2F0bWE=

npmRegistryServer: "https://pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry"

Then I see immediately my error!

[IT-CASADO]

[darthtrevino]

You'll want to edit your comment so that other viewers won't get access to your private NPM.

Is your azure artifact registry set up to mirror NPM for other packages? This issue may be with Azure.

You may also consider using Azure private registries only for specific scopes (e.g.. @my-super-secret-project/library).

[IT-CASADO]

The token in npmAuthIdent is for a specific user with restricted scope to a specific project only in my Azure DevOps for the purpose of this bug. So its fine for now, but I will revoke my token in the next days...

Yes, NPM is mirrored as an upstream source for my artifact repository.

[IT-CASADO]

@darthtrevino Did you see the same error after adding my registry configuration?

[darthtrevino]

I do, but I think this is a different issue than the issue filed. This looks like an issue with dlx. As a workaround you may want to do the following:

• Comment out your private azure repo config
• Add typescript and prettier as dev dependencies to the top level workspace
• pnpify the repository, verifying that the typescript, prettier SDKs are loaded in and that the VSCode settings are changed
• commit the sdk files and uncomment out your private registry settings

[IT-CASADO]

I used your workaround already and it is working so far.

I doesn't know if the issue is related to private azure registry, but this is the only relevant setting for my issue.

Let me know, if I can provide you with more details.
And please let me know if you still need my npmAuthIdent!

[arcanis]

Ahh I know what happens. When using dlx we copy the configuration from your project, but not from any parent folders. As a result, the token isn't available anymore when Yarn runs inside the temporary dlx directory.

As a workaround, I believe you can move your token into the ~/.yarnrc.yml file (from the home folder), which I think will work as you would expect.

[IT-CASADO]

@arcanis
I think you are talking here to a different issue (#1998).
In this scenario I see:

➤ YN0027: @yarnpkg/pnpify@unknown can't be resolved to a satisfying range:
Internal Error: Invalid authentication (as an anonymous user)

If I copy my token to the project configuration or ~/.yarnrc.yml then I see the error:
Internal Error: Binary not found (pnpify) for root-workspace-0b6124@workspace:.

[yarnbot]

The reproduction case in your issue seems broken (ie it neither pass nor fail due to throwing an unmanaged exception):

Error: Command failed: /usr/bin/node /github/workspace/scripts/actions/../run-yarn.js install

➤ YN0000: ┌ Resolution step
::group::Resolution step
➤ YN0041: │ typescript@*: Invalid authentication (as an unknown user)
::endgroup::
➤ YN0000: └ Completed in 1s 708ms
➤ YN0000: Failed with errors in 1s 712ms

    at ChildProcess.exithandler (child_process.js:303:12)
    at ChildProcess.emit (events.js:315:20)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:286:5)

Remember: any non-Jest exceptions will cause the test to be reported as broken. If you expect something to pass without throwing, you must wrap it into something like await expect(...).resolves.toBeTruthy(). If you instead expect something to throw, you need to wrap it into await expect(...).rejects.toThrow().

[IT-CASADO]

Quote reply from darthtrevino:

I do, but I think this is a different issue than the issue filed. This looks like an issue with dlx. As a workaround you may want to do the following:

• Comment out your private azure repo config
• Add typescript and prettier as dev dependencies to the top level workspace
• pnpify the repository, verifying that the typescript, prettier SDKs are loaded in and that the VSCode settings are changed
• commit the sdk files and uncomment out your private registry settings

@arcanis Can you also confirm this bug with my repository

I tried to reproduce it with Sherlock but had no success.
You can see the code for Sherlock in the issue details.

[yarnbot]

Hi! 👋

This issue looks stale, and doesn't feature the reproducible label - which implies that you didn't provide a working reproduction using Sherlock. As a result, it'll be closed in a few days unless a maintainer explicitly vouches for it or you edit your first post to include a formal reproduction (you can use the playground for that).

Note that we require Sherlock reproductions for long-lived issues (rather than standalone git repositories or similar) because we're a small team. Sherlock gives us the ability to check which bugs are still affecting the master branch at any given point, and decreases the amount of code we need to run on our own machines (thus leading to faster bug resolutions). It helps us help you! 😃

If you absolutely cannot reproduce a bug on Sherlock (for example because it's a Windows-only issue), a maintainer will have to manually add the upholded label. Thanks for helping us triaging our repository! 🌟

[Jessica-Koch]

FWIW, working on my team's private repo, I was able to see this same issue, I initially saw it with when running yarn dlx @yarnpkg/doctor. When I comment out the azure registry items in my yarnrc.yml file, I am able to run the commands as expected

[IT-CASADO]

Unfortunately I didn't get it work (last year) and that's the reason why I gave up to try to use YARN 2.

The one big reason for us using YARN 2 is the concept of PnP (to get rid of node_modules folder).
But because of this issue and some others with Angular (libs), NX, .... I cannot use PnP. Could be that some of them are solved nowaday.

[IT-CASADO]

Is this related to / a duplicate of #1484

[merceyz]

Based on the repro you've provided no, I tried your repro but can't reproduce as even yarn npm whoami fails

[IT-CASADO]

hm... i get the same error with yarn npm whoami

But configuration seems to be fine, because I can successfully run yarn
But after this yarn dlx [@yarnpkg/pnpify --sdk vscode] is failing

BTW: I update my repro to the latest version of YARN 2.4.1

[IT-CASADO]

ok, it's a different error now... I need to check it...

[merceyz]

The command you're running is invalid

-yarn dlx [@yarnpkg/pnpify --sdk vscode]
+yarn dlx @yarnpkg/pnpify --sdk vscode

[IT-CASADO]

ok, for a few weeks I revoked my token in npmAuthIdent. Now there is a fresh and valid token configured.
(the token can be public, because it is for a non-productive environment for a demo-only user with limited rights only)

To proof that the token is valid I used it to publish my package:

yarn npm publish

As you can see everything is working fine!

Then I tried yarn npm whoami, but got an error:

Then I tried to install the SDK with yarn dlx @yarnpkg/pnpify --sdk vscode.
I'm getting the same error as already reported in this ticket:

You can check it with my latest code in my repository.

[merceyz]

Cloned and tested again, everything returns a 401

$ yarn
➤ YN0000: ┌ Resolution step
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0041: │ typescript@npm:4.0.3: Invalid authentication (as an unknown user)
➤ YN0013: │ No packages were cached - 2 packages had to be fetched
➤ YN0000: └ Completed in 0s 414ms
➤ YN0000: Failed with errors in 0s 432ms

[IT-CASADO]

ahhh, sorry!! I forgot to push my changes to GITHUB... Please can you try again

[merceyz]

Your registry is returning the wrong value for the bin field, comparing https://registry.yarnpkg.com/@yarnpkg/pnpify/2.4.0 vs your registry and you see this diff:

- "bin": "./lib/cli.js",
+ "bin": {"@yarnpkg/pnpify": "./lib/cli.js"}

[IT-CASADO]

I don't see any difference. What are you comparing?

I downloaded the .tar file (manually from the website of my Azure registry).

Inside that I found this package.json

{
  "name": "@yarnpkg/pnpify",
  "version": "2.4.0",
  "license": "BSD-2-Clause",
  "main": "./lib/index.js",
  "bin": "./lib/cli.js",
  "types": "./lib/index.d.ts",
  "sideEffects": false,
  "dependencies": {
    "@yarnpkg/core": "^2.4.0",
    "@yarnpkg/fslib": "^2.4.0",
    "@yarnpkg/parsers": "^2.3.0",
    "chalk": "^3.0.0",
    "clipanion": "^2.6.2",
    "comment-json": "^2.2.0",
    "lodash": "^4.17.15",
    "tslib": "^1.13.0"
  },
  "devDependencies": {
    "@types/comment-json": "^1.1.1",
    "@types/lodash": "^4.14.136",
    "@yarnpkg/monorepo": "0.0.0",
    "@yarnpkg/pnp": "^2.3.2",
    "eslint": "^6.8.0",
    "typescript": "4.1.0-beta"
  },
  "peerDependencies": {
    "eslint": "*",
    "typescript": "*"
  },
  "peerDependenciesMeta": {
    "eslint": {
      "optional": true
    },
    "typescript": {
      "optional": true
    }
  },
  "scripts": {
    "postpack": "rm -rf lib",
    "prepack": "run build:compile \"$(pwd)\"",
    "release": "yarn npm publish",
    "test": "run test:unit packages/yarnpkg-pnpify"
  },
  "publishConfig": {
    "main": "./lib/index.js",
    "bin": "./lib/cli.js",
    "types": "./lib/index.d.ts"
  },
  "files": [
    "/lib/**/*",
    "/bin.js"
  ],
  "repository": {
    "type": "git",
    "url": "ssh://[email protected]/yarnpkg/berry.git"
  },
  "engines": {
    "node": ">=10.19.0"
  }
}

It's the same value for the bin field.

I also added the @yarnpkg/pnpify to my projects package.json and installed it via YARN.
There is also the same value.

[merceyz]

Indeed the tar is identical but the response from the registry isn't, compare the response from https://pkgs.dev.azure.com/it-casado/yarn-bugs/_packaging/yarn-bugs/npm/registry/@yarnpkg%2fpnpify vs https://registry.yarnpkg.com/@yarnpkg/pnpify

[IT-CASADO]

You are right. I tried it only the NPM WAY and got the same wrong result.
So it seems to be Azure DevOps related.

[IT-CASADO]

@merceyz Many thanks for your help!

I created a bug ticket here:
https://developercommunity.visualstudio.com/t/azure-artifacts-packages-feed-as-upstream-source-r/1383545

[IT-CASADO]

@merceyz Are you sure that this is not related to YARN!?

I can successfully execute following command: npx @yarnpkg/pnpify --sdk vscode

[merceyz]

Don't need to involve npm nor Yarn to reproduce, just compare the output from the two registries.

[IT-CASADO]

Yes, I see the difference.
But even with this difference it is working perfectly fine with NPM/NPX on the private registry, but NOT with YARN.

To be honest: I don't know what should be the correct value in a private (upsstream) repository.

[arcanis]

There are two problems. One is the registry (it returns @yarnpkg/pnpify as binary name, which isn't correct - the binary is called pnpify), one is Yarn (if there's a single binary we should use it regardless of the package name, but we don't).

[merceyz]

That will indeed fix it for dlx and is something I've thought about doing but it wont help with

yarn add @yarnpkg/pnpify && yarn pnpify --sdk vscode

but that is a problem with the registry changing the published data

[IT-CASADO]

I'm not a technical expert on NPM/YARN/REGISTRIES, and I don't know exactly what information Microsoft needs to fix this issue (or at least confirm it as an issue with Azure DevOps Artifacts Feeds).

If you can, you can help me by providing more details to my ticket @ Visual Studio Developer Community:
https://developercommunity.visualstudio.com/t/azure-artifacts-packages-feed-as-upstream-source-r/1383545

Many thanks so far!

[acton-bell]

A quick workaround* is to set a custom scope just for @yarnpkg in your .yarnrc.yml:

npmScopes:
  yarnpkg:
    npmRegistryServer: "https://registry.yarnpkg.com"

*context: we had the same issue attempting to execute yarn dlx @yarnpkgdoctor in a repository exclusively using an Azure Artifacts feed with npm as the upstream.