Dependencies imported from tgz (yarn file: package path) cached, integrity check fails when changed

I think I’ve run into a bug in EAS Build when using packages imported with the yarn file: synax, e.g. to handle patched dependencies.

I am trying to implement the change at and since there is no release including this PR yet, I needed to make a tarball from the cherry-picked change. I re-used the filename for the tarball between versions, and EAS Build failed with

[stderr] error Integrity check failed for "expo-in-app-purchases" (computed integrity doesn't match our records...

I don’t think there’s any way to make yarn generate these checksums in the lockfile for file paths. yarn --update-checksums does nothing, there’s no checksum in the lockfile at all.

Hi @brad-kinksters

I’m not sure about the issue you’ve run into, but there’s another way to patch dependencies that I’ve used successfully a few times:


EDIT: I think you should also be able to point to the appropriate branch or commit in Git

Yes - unfortunately though the official node Docker images aren’t on yarn 2 yet, so I don’t have patch-package.

And I do usually point at a fork/commit with Git, but that’s not possible for packages in the Expo monorepo.

patch-package doesn’t need yarn 2.

1 Like