"yarn check --integrity" fails with npm as a dependency

[mxmul]

Do you want to request a feature or report a bug?
I'm pretty sure this is a bug.

What is the current behavior?
In an empty directory with the following package.json, yarn produces a lockfile that does not recreate node_modules and will fail yarn check --integrity.

{
  "name": "foo",
  "license": "MIT",
  "dependencies": {
    "npm": "5.0.3"
  }
}

If the current behavior is a bug, please provide the steps to reproduce.

~/foo$ rm -rf node_modules/ yarn.lock
~/foo$ yarn && yarn check --integrity
yarn install v0.26.1
info No lockfile found.
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
Done in 5.48s.
yarn check v0.26.1
success Folder in sync.
Done in 0.11s.
~/foo$ rm -rf node_modules/
~/foo$ yarn && yarn check --integrity
yarn install v0.26.1
[1/4] Resolving packages...
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
Done in 3.70s.
yarn check v0.26.1
warning Integrity check: Lock files don't match
error Integrity check failed
error Found 1 errors.
info Visit https://yarnpkg.com/en/docs/cli/check for documentation about this command.

What is the expected behavior?
yarn check --integrity should succeed.

Please mention your node.js, yarn and operating system version.
node 6.3.1 yarn 0.26.1 macOS 10.11.6

[mxmul]

Also, after the first yarn invocation (without a lockfile) node_modules contains modules that yarn why can't explain (note: I've looked at the package.json of npm, and these are all bundleDependencies):

~/foo$ ls node_modules/ | grep lodash
lodash._baseindexof
lodash._baseuniq
lodash._bindcallback
lodash._cacheindexof
lodash._createcache
lodash._createset
lodash._getnative
lodash._root
lodash.clonedeep
lodash.restparam
lodash.union
lodash.uniq
lodash.without
~/foo$ yarn why node_modules/lodash._baseindexof
yarn why v0.26.1
[1/4] Why do we have the module "node_modules/lodash._baseindexof"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
error We couldn't find a match!
Done in 0.46s.

[bestander]

@mxmul, I can't repro this error.
Can commit node_modules from your system and push it to a public repo?
I'd like to inspect .yarn-integrity file

[mxmul]

@bestander I've got a repo here that reproduces the error.

[bestander]

Thanks for reporting, @mxmul.
This looks interesting.

Your .yarn-integrity does not contain debuglog@* entry however yarn.lock has it.
That is why integrity check fails.

Removing node_modules does not fix it.
But removing yarn.lock does but only for one installation.

[arcanis]

Maybe related to bundleDependencies?

[bestander]

@arcanis, very likely

[BYK]

This is fixed on master now. I think thanks to #4122 and #4046