Yarn lockfile parsing change between 15.5.x and 15.6.x causing issues for npm

[abdavid]

Current Behavior

When building a library that has its own external dependency explicitly set in its package.json file with [email protected] the generated package.json contains a version entry for an internal package that conflicts with npm. e.g. npm will fail installing the library post publish due to the version field being an unconventional tarball URL. This behaviour leaks out the registry configuration.

e.g.

{
  "@foo/package": "npm:5.1.1::__archiveUrl=<encoded-url-to-foo-package-tarball>.tgz"
}

Expected Behavior

When building the library i expect the package.json to include the conventional semver version.

{
  "@foo/package": "5.1.1"
}

GitHub Repo

https://github.com/abdavid/14721-yarn-lockfile-parser-unconventional-semver

Steps to Reproduce

1. Clone this repo
2. Run yarn --immutable
3. Run nx g @nrwl/js:lib example --compiler=tsc --buildable --publishable --importPath=@my-ns/example
4. Run yarn config set npmScopes.gitlab-examples.npmRegistryServer "https://gitlab.com/api/v4/packages/npm/"
5. Run cd libs/example
6. Run yarn add @gitlab-examples/semantic-release-npm
7. Run cd - && nx build example

Observe generated package.json in dist/libs/example now uses an unconventional semver for @gitlab-examples/semantic-release-npm. This breaks installation for consumers of the library using npm.

Nx Report

➜ nx report

 >  NX   Report complete - copy this into the issue template

   Node : 16.18.0
   OS   : darwin arm64
   yarn : 3.2.3
   
   nx : 15.6.3
   @nrwl/angular : Not Found
   @nrwl/cypress : 15.6.3
   @nrwl/detox : Not Found
   @nrwl/devkit : 15.6.3
   @nrwl/esbuild : Not Found
   @nrwl/eslint-plugin-nx : 15.6.3
   @nrwl/expo : Not Found
   @nrwl/express : Not Found
   @nrwl/jest : 15.6.3
   @nrwl/js : 15.6.3
   @nrwl/linter : 15.6.3
   @nrwl/nest : Not Found
   @nrwl/next : Not Found
   @nrwl/node : Not Found
   @nrwl/nx-cloud : 15.0.2
   @nrwl/nx-plugin : 15.6.3
   @nrwl/react : 15.6.3
   @nrwl/react-native : Not Found
   @nrwl/rollup : 15.6.3
   @nrwl/schematics : Not Found
   @nrwl/storybook : 15.6.3
   @nrwl/web : 15.6.3
   @nrwl/webpack : Not Found
   @nrwl/workspace : 15.6.3
   @nrwl/vite : Not Found
   typescript : 4.8.4
   ---------------------------------------
   Local workspace plugins:
   ---------------------------------------
   Community plugins:

Failure Logs

Extract of generated package.json that fails to install with npm post publish.

{
  "@ruter-ds-next/tokens": "npm:5.1.1::__archiveUrl=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F35624188%2Fpackages%2Fnpm%2F%40ruter-ds-next%2Ftokens%2F-%2F%40ruter-ds-next%2Ftokens-5.1.1.tgz",
}

Additional Information

No response

[meeroslav]

Thank you, @abdavid, for reporting this issue. Can you please create a minimal repo that reproduces this so that we can include it in the tests for #13864?

[abdavid]

@meeroslav now updated with minimal repo.

[github-actions]

This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.