Issue with yarn zero installs and excluded packages in restricted environments (Flathub)

[JumpLink]

I'm trying to use yarn zero installs in a restricted build environment (Flathub) where external downloads are not allowed. I'm attempting to exclude certain packages from the cache using .gitignore patterns and then use yarn workspace package-name install to install only the necessary packages.

The issue is that when I exclude a large package from the cache (which shouldn't actually be a dependency), yarn still detects that it's missing and tries to download it during installation. This fails in the Flathub build environment since external network access is blocked.

Important clarification: The problematic package IS already a dependency in my workspace, but it's NOT a dependency of the specific workspace package I'm trying to build. The package exists as a dependency in other parts of the workspace, but for the selective build I'm doing, it should not be required.

Related issue: This is related to NativeScript/android#1837 where the large package size (~115MB due to multiple AAR files) makes it problematic for yarn zero installs in the first place.

Attempts tried (all unsuccessful):

1. Command variations:

   • yarn workspace package-name install
   • yarn workspaces focus package-name

2. Arguments:

   • --immutable
   • --immutable-cache

3. Configuration settings in .yarnrc.yml:

   enableNetwork: false
   enableMirror: false
   enableGlobalCache: false

None of these approaches prevented yarn from attempting to download the excluded package.

Steps to reproduce:

1. Set up a yarn zero install project
2. Exclude a large package from the cache using .gitignore patterns (e.g., the NativeScript Android runtime packages that are ~115MB total)
3. Try to install packages with yarn workspace package-name install
4. Yarn detects the missing package and attempts to download it, which fails in restricted environments

Expected behavior:
When a package is excluded from the cache and is not actually a dependency of the workspace being installed, yarn should not attempt to download it.

Actual behavior:
Yarn tries to download the excluded package even when it's not a dependency, causing builds to fail in restricted environments like Flathub.

Question:
Is there a way to prevent yarn from downloading excluded packages that aren't actually dependencies? Or should this be considered a bug that could be fixed?

This is particularly problematic for large packages like NativeScript Android runtime that may not be needed for certain build configurations but are still attempted to be downloaded.

Environment:

• Yarn version: 4.9.4
• Node version: 24
• OS: Linux (Flathub build environment)