fix: "@" in version descriptors

[selfisekai]

Breaking, again.

[robertohuertasm]

Thanks, again.

[riquito]

"breaking, again" is a bit terse as description, we're getting many breaking changes lately, some extra detail would be welcome (perhaps it's time to introduce a CHANGELOG.md file).

I don't get this change, the dependency_version function now doesn't return a version anymore (e.g. it can now return npm:[email protected] || 1.0.1 ). I guess there is a use case, but there's not enough information

[selfisekai]

I don't get this change, the dependency_version function now doesn't return a version anymore (e.g. it can now return npm:[email protected] || 1.0.1 ).

In this case, foo is the package actually downloaded from npm, which is a different one than the one it's aliased under. This change was needed to recognize these aliases correctly.

I guess the name dependency_version indeed isn't very precise. The values yarn puts there are exact copies of the descriptors in dependencies of each package's package.json. These are mostly npm version ranges, but this always included values like https://s.lnl.gay/YMSRcUPRNMxx.tgz, isaacs/minimatch#v10.0.1, latest, or ssh://[email protected]/npm/node-semver.git#semver:^7.5.0.