Skip to content

fix: Preserve file: protocol entries in pruned yarn v1 lockfile#12064

Merged
anthonyshew merged 1 commit into
mainfrom
shew/issue-4105-fix
Feb 28, 2026
Merged

fix: Preserve file: protocol entries in pruned yarn v1 lockfile#12064
anthonyshew merged 1 commit into
mainfrom
shew/issue-4105-fix

Conversation

@anthonyshew

@anthonyshew anthonyshew commented Feb 28, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Fixes turbo prune dropping file: protocol dependencies from the pruned yarn.lock, causing yarn install --frozen-lockfile to fail on pruned output
  • Adds a yarn1-file-dep check-lockfiles fixture that reproduces the bug

Problem

Yarn v1 creates lockfile entries for file: protocol dependencies (e.g. "@repo/eslint-config@file:./packages/eslint-config"). During pruning, the dependency splitter correctly classifies these as internal workspace dependencies — but that means they never get added to the set of lockfile keys passed to Yarn1Lockfile::subgraph(). The pruned lockfile is then missing these entries entirely, which breaks frozen installs.

Fix

Yarn1Lockfile::subgraph now scans the original lockfile for file: protocol entries whose paths match included workspace packages, and includes them in the pruned output. This is scoped to subgraph rather than changing the dependency splitter because the classification as "internal" is correct for the package graph — it's only the lockfile serialization that needs the extra entries.

Testing

To verify the fix manually on the new fixture:

cargo build --bin turbo
cd lockfile-tests/fixtures/yarn1-file-dep
git init && git add . && git commit -m init
turbo prune web
grep "file:" out/yarn.lock  # should show the @repo/eslint-config entry
cd out && yarn install --frozen-lockfile --ignore-scripts  # should succeed

Closes #4105

@anthonyshew
fix: Preserve file: protocol entries in pruned yarn v1 lockfile
a51ba30 
Yarn v1 creates lockfile entries for file: protocol dependencies that
point to workspace packages. During prune, these are classified as
internal by the dependency splitter and excluded from the lockfile key
set, causing yarn install --frozen-lockfile to fail on pruned output.

Fix Yarn1Lockfile::subgraph to also include file: entries whose paths
match included workspace packages.

Closes #4105
@anthonyshew anthonyshew requested a review from a team as a code owner February 28, 2026 15:45
@anthonyshew anthonyshew requested review from tknickman and removed request for a team February 28, 2026 15:45
@vercel

vercel Bot commented Feb 28, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
examples-basic-web Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-designsystem-docs Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-gatsby-web Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-kitchensink-blog Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-nonmonorepo Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-svelte-web Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-tailwind-web Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
examples-vite-web Building Building Open in v0 Feb 28, 2026 3:45pm
turbo-site Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
turborepo-agents Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm
turborepo-test-coverage Building Building Preview, Comment, Open in v0 Feb 28, 2026 3:45pm

@github-actions

github-actions Bot commented Feb 28, 2026

Copy link
Copy Markdown
Contributor

Coverage Report

Metric Coverage
Lines 82.54%
Functions 54.37%
Branches 0.00%

View full report

@anthonyshew anthonyshew merged commit ae5c1a1 into main Feb 28, 2026
71 of 72 checks passed
@anthonyshew anthonyshew deleted the shew/issue-4105-fix branch February 28, 2026 16:10
@github-actions github-actions Bot mentioned this pull request Mar 2, 2026
Merged
github-actions Bot added a commit that referenced this pull request Mar 2, 2026
@github-actions @turbobot-temp
release(turborepo): 2.8.13-canary.9 (#12101)
ea93f81 
## Release v2.8.13-canary.9

Versioned docs: https://v2-8-13-canary-9.turborepo.dev

### Changes

- fix: Treat `npm: alias` dependencies as external, not workspace
references (#12061) (`b179cb8`)
- test: Port 18 more prysk tests to Rust (other/ +
lockfile-aware-caching/) (#12062) (`7887af2`)
- release(turborepo): 2.8.13-canary.8 (#12063) (`2a5522a`)
- fix: Preserve file: protocol entries in pruned yarn v1 lockfile
(#12064) (`ae5c1a1`)
- perf: Use stack-allocated OidHash in FileHashes and skip expanded
hashes on normal runs (#12065) (`677b248`)
- test: Port all 8 find-turbo prysk tests to Rust (#12066) (`f827fca`)
- fix: Support pnpm per-workspace lockfiles in turbo prune (#12067)
(`23d047d`)
- test: Port final 2 prysk tests to Rust (100% complete) (#12068)
(`6d7e057`)
- fix: Resolve Berry prune failure when resolutions contain patch
overrides (#12069) (`6fe3c5e`)
- test: Add lockfile fixture for yarn berry resolution pruning (issue
#2791) (#12071) (`6cc1654`)
- chore: Remove prysk test framework entirely (#12070) (`ed2d05a`)
- refactor: Clean up test infrastructure and eliminate duplication
(#12072) (`338911d`)
- fix: Retain injected workspace package entries during pnpm lockfile
pruning (#12073) (`acbe869`)
- ci: Exclude turborepo-lsp and turborepo-schema-gen from test builds
(#12075) (`4ce12e2`)
- refactor: Clean up test infrastructure + improve test quality (#12074)
(`4571f2b`)
- ci: Remove redundant cargo build from coverage job (#12077)
(`3c9bbe2`)
- perf: Speed up lockfile test suite (#12078) (`20024df`)
- ci: Remove integration test serialization (#12079) (`24d7c02`)
- fix: Preserve `file:` and `link:` protocol entries in pruned bun
lockfile (#12076) (`2635d9a`)
- fix: Stop running unnecessary npm install in engines tests (#12081)
(`24e4905`)
- test: Add lockfile fixture for pnpm v9 injected workspace deps (issue
#8243) (#12082) (`4d4929b`)
- fix: Filter orphaned Yarn packageExtensions entries during lockfile
pruning (#12084) (`68eb223`)
- fix: Align experimentalObservability on object maps rather than arrays
(#12089) (`9b9d1e4`)
- examples: Upgrade with-react-native-web example to use latest versions
(#12085) (`980ca43`)
- fix: duplicate /signup? in Vercel URL (#12088) (`e865b51`)
- ci: Deduplicate Rust test compilation with nextest archive (#12083)
(`962cf39`)
- fix: Prevent yarn integration tests from hanging on corepack prompts
(#12090) (`29b0da7`)
- fix: Prevent turbo dev from hanging when daemon file watching fails
(#12091) (`b0d2f62`)
- ci: Skip pnpm install for Rust test jobs (#12092) (`ebd137f`)
- perf: Optimize npm lockfile parser (#12093) (`e4b4a66`)
- chore: Trim unused dependency features for faster compilation (#12094)
(`03b79e0`)
- fix: Prevent lockfile-aware yarn test from hanging on corepack
downloads (#12095) (`bf516e4`)
- fix: Exclude turborepo-repository from JS smoke test in release
workflow (#12097) (`fecc400`)

---------

Co-authored-by: Turbobot <turbobot@vercel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tknickman tknickman Awaiting requested review from tknickman tknickman is a code owner automatically assigned from vercel/turbo-oss

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[turborepo] turbo prune does not copy over file: dependencies in root package.json

1 participant

@anthonyshew