Bugfix 3306: Check top level patterns during integrity check

[ghost]

Summary
Fixes issue 3306. Previously changes to the package.json dependencies would not throw an error during integrity checks, unless there were zero dependencies, in which case an empty yarn.lock would be written.

A condition was added to the integrity checker for top level patterns. If the top level patterns are not the same, the install task will continue running with the force flag set, as would be done with a reinstall after a package was removed.

yarn check --integrity is also affected by this, and will return an error if the top level patterns don't match those specified in the package.json.

Test plan
Before:

yarn add foo left-pad
# package.json is edited to remove left-pad
yarn
# left-pad is still in yarn.lock
# package.json is edited to remove foo
yarn
# yarn.lock is empty

After:

yarn add foo left-pad
# package.json is edited to remove left-pad
yarn
# yarn.lock only contains foo
# package.json is edited to remove foo
yarn
# yarn.lock is empty

[bestander]

Not sure we should force here

[ghost]

Okay, should the install command not regenerate the lockfile then, and instead just display a warning in this case?

[bestander]

I think it should cleanup lockfile, yes.
Just force may mean more things like forcing rebuilding binary dependencies.

[bestander]

Probably the logic for missing dependencies should be done not in bailout function but where the lockfile is saved

[ghost]

Got it. I'll try that out instead.

[bestander]

Thanks, @aracarie.
Would you add a test please?
Here is an example https://github.com/yarnpkg/yarn/blob/master/__tests__/commands/install/integration.js#L445

[bestander]

Thanks for the fix!
Prettier still complains.

Please rebase, run yarn install && yarn prettier.
After CI is green it is ready to be merged

[ghost]

👍

done