bonus.tgz file npm vs yarn

[joris-rotteveel]

Not a question but observation.

I have my bonus files as .tgz file in my repo and I reference this in my package.json :
 

"gsap": "./utils/gsap-bonus.tgz",

 

this should be the latest download (as of today v3.9).

"npm install" results in (package-lock.json):

"node_modules/gsap": {
"version": "3.9.0",
"resolved": "file:utils/gsap-bonus.tgz",
"integrity": "sha512-8cZp2/l9gBdFzI7Dpojh8tVPRDFivowSX8N3jl42zecPv8SXdysx4GrJcwVJz4Bl/pamFZdi17s85m4Bq5/pcQ==",
"license": "This package should only be used by individuals/companies with an active Club GreenSock membership. See https://greensock.com/club/. Licensing: https://greensock.com/licensing/"
},

now, when I remove the node modules and package-lock files and use yarn:
 

gsap@./utils/gsap-bonus.tgz:
  version "3.8.0"
  resolved "./utils/gsap-bonus.tgz#96ea3244b12c370e8ea3facb2ff28840a90a40a4"

As you can see.....wrong integrity and wrong version number!

 

Not sure why this is happening, but that is causing some issues until I change the hash and version manually in the yarn.lock file.

 

 

[GreenSock]

Hm, I'm not quite sure what to say because I'm pretty sure that has nothing to do with the GSAP file specifically. That sounds like maybe an issue in your local environment or yarn(?)  I know that yarn has several known bugs, especially related to private repos (although you're using a .tgz which is obviously different). We don't provide the integrity hash. 🤷‍♂️