Invalid relative dependency path error when installing a remote tarball

[michaldudak]

Verify latest release

• I verified that the issue exists in the latest pnpm release

pnpm version

No response

Which area(s) of pnpm are affected? (leave empty if unsure)

Dependencies resolver

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

1. Create a package with the following manifest:

   {
     "name": "pnpm-repro",
     "version": "1.0.0",
     "dependencies": {
       "@mui/internal-markdown": "https://pkg.csb.dev/mui/material-ui/commit/adf52262/@mui/internal-markdown"
     }
   }

2. Run pnpm i
3. Run pnpm i again

Describe the Bug

When installing a remote tarball (from Codesandbox CI in this case), the first install succeeds, but the subsequent one fails with the error:

 ERROR  /@pkg.csb.dev/mui/material-ui/commit/adf52262/@mui/internal-markdown is an invalid relative dependency path

pnpm: /@pkg.csb.dev/mui/material-ui/commit/adf52262/@mui/internal-markdown is an invalid relative dependency path
    at Object.parse2 [as parse] (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:116831:15)
    at convertOldDepPathToNewDepPath (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117770:32)
    at convertOldRefToNewRef (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117791:16)
    at mapValues (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117907:24)
    at /Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117736:40
    at Array.map (<anonymous>)
    at convertToInlineSpecifiersFormat (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117733:81)
    at writeLockfile (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:118003:123)
    at writeCurrentLockfile (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:117997:14)
    at async headlessInstall (/Users/michal/.cache/node/corepack/pnpm/8.15.3/dist/pnpm.cjs:180540:11)

The exact same tarball hosted elsewhere installs without errors.
Also, the Codesandbox CI's version works fine when using Yarn.

Expected Behavior

The package is installed without errors

Which Node.js version are you using?

20.9.0

Which operating systems have you used?

• macOS
• Windows
• Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response

[Sec-ant]

We're seeing the same error when installing packages from pkg.pr.new: https://app.netlify.com/sites/biomejs/deploys/66626ad6f7c01b0008049623

[Sec-ant]

We're seeing the same error when installing packages from pkg.pr.new: https://app.netlify.com/sites/biomejs/deploys/66626ad6f7c01b0008049623

We think this is caused by us using an old lock file version (6.0). We no longer see the issue when we updated our lock file version to 9.0. Sorry about the noise.

biomejs/website#543 (comment)

[zkochan]

This might be solved in pnpm v9.

[eps1lon]

This might be solved in pnpm v9.

Can confirm. We were facing the same error using https:// protocols in package versions. After bumping pnpm from 8.15.0 to 9.4.0 the install succeeded.