'pnpm patch' not working with git urls + commit hash

[sven-meyer-wetter-com]

Verify latest release

• I verified that the issue exists in the latest pnpm release

pnpm version

No response

Which area(s) of pnpm are affected? (leave empty if unsure)

CLI

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

• add any git+ssh url to either dev or normal dependencies in package.json
• call 'pnpm patch' on that dependency

Describe the Bug

We're using an 3rd party dependency via github urls + commit hash like in the following example:

"@company/lib": "git+ssh://git@github.com/company/project#e0f3a5b85f4ee2d3b3ea591ae8e25c7dc7686788"

I wanted to use "pnpm patch" to apply a small temporary patch to that version but unfortunately it does not work because it seems I have to call "pnpm patch @company/lib@version" but there's no version.

The error I'm getting is: " ERR_PNPM_NO_MATCHING_VERSION  No matching version found for xxx"

Expected Behavior

Dependencies from Git urls can be patched using pnpm patch.

Which Node.js version are you using?

18.13.

Which operating systems have you used?

• macOS
• Windows
• Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response

[await-ovo]

Hi, we can run pnpm patch @company/lib directly from the project root directory and if there are multiple versions of @company/lib in the project, it will prompt to select the specific version of the patch.

[sven-meyer-wetter-com]

Thanks for the reply, but this does not work because the package.json version in the specified commit does not exist yet locally (it was never downloaded I assume) because when I do pnpm view @company/lib versions pnpm does not show the version which is used in the remote package.json file (the version "behind" this commit hash. So I cannot apply a patch to it.

If I run pnpm patch @company/lib as you suggested, I just get the following error:

 ERR_PNPM_NO_MATCHING_VERSION  No matching version found for @company/lib@1.2.3
The latest release of @company/lib is "0.1.2"
 
 1.2.3 is the version used in the remote package.json file for this commit hash. And 0.1.2 is the latest one available locally as per pnpm view @company/lib versions.
 
 

[await-ovo]

Is there no version @company/lib@1.2.3 on the npm registry? If so, it does seem to be a problem right now.

[sven-meyer-wetter-com]

No indeed, there's no 1.2.3 version in the npm registry (yet). Make sense that this is the underlying problem. It was not clear from the pnpm patch documentation that this is a requirement.

It would be nice to have this working in the future because I think its a valid use case. Just imagine you want to use a yet unpublished version of a library but you additionally need to patch it. Feels not that uncommon :)