Published package contains `workspace:*` dependency

[maliming]

Hi team,

We noticed that the recently published package @transloadit/utils contains a dependency declaration using the workspace protocol:

d443386
https://github.com/transloadit/node-sdk/blob/main/packages/node/package.json#L23
https://www.npmjs.com/package/transloadit

"@transloadit/utils": "workspace:*"

This protocol is intended only for monorepo / workspace internal usage and should not appear in packages published to the npm registry.

---

❗ Impact

• Yarn v1 cannot resolve workspace:* from the npm registry and falls back to an interactive version selection, which causes installs to hang or fail in CI / non-interactive environments.
• npm and pnpm also do not support the workspace: protocol and will fail immediately with an error.

{
  "version": "1.0.0",
  "name": "my-app",
  "dependencies": {
    "transloadit": "~4.1.8"
  }
}

npm install
npm error code EUNSUPPORTEDPROTOCOL
npm error Unsupported URL Type "workspace:": workspace:*

yarn
yarn install v1.22.19
info No lockfile found.
[1/4] 🔍  Resolving packages...
Couldn't find any versions for "@transloadit/utils" that matches "workspace:*"
? Please choose a version of "@transloadit/utils" from this list: (Use arrow keys)
❯ 4.1.8 
  4.1.7 
  4.1.5 

---

Could you please review the publish configuration and consider republishing the affected package(s) with resolved dependency versions?

Thanks for your work on the project and for taking a look at this!

Best regards

[kvz]

Hey @maliming thank you for reporting this, I've pushed something, should be solved in:

🦋 New tag: @transloadit/node@4.1.9
🦋 New tag: transloadit@4.1.9
🦋 New tag: @transloadit/types@4.1.9
🦋 New tag: @transloadit/utils@4.1.9
🦋 New tag: @transloadit/zod@4.1.9

Apologies for this! Let me know if this works out and also if you hit other snags with the new releases, we're making quite some changes here recently.

[maliming]

@kvz 👍