[BUG] npm install ignores engines + engine-strict=true

[BenjaminWFox-Lumedic]

Current Behavior:

When using npm v7.0.2 or greater, setting "engines": { "node": ">=14.15.0 <15.0.0" }, in package.json and engine-strict=true in .npmrc seems to be ignored.

Expected Behavior:

It should error if the current version is outside of the specified range when trying to npm install

Steps To Reproduce:

1. create new folder & npm init
2. add "engines": { "node": ">=14.15.0 <15.0.0" }, to package.json
3. add engine-strict=true to .npmrc
4. run npm install
5. see difference between npm versions

➜  test-npm-repo npm install
npm ERR! code ENOTSUP
npm ERR! notsup Unsupported engine for [email protected]: wanted: {"node":">=14.15.0 <15.0.0"} (current: {"node":"12.13.1","npm":"6.12.1"})
npm ERR! notsup Not compatible with your version of node/npm: [email protected]
npm ERR! notsup Not compatible with your version of node/npm: [email protected]
npm ERR! notsup Required: {"node":">=14.15.0 <15.0.0"}
npm ERR! notsup Actual:   {"npm":"6.12.1","node":"12.13.1"}

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/benfox/.npm/_logs/2020-11-13T23_31_52_040Z-debug.log
➜  test-npm-repo nvm use 15.0.1
Now using node v15.0.1 (npm v7.0.3)
➜  test-npm-repo npm install

up to date in 256ms

found 0 vulnerabilities
➜  test-npm-repo

Environment:

macOS Catalina 10.15.5

[ljharb]

Can you try with npm v7.0.11?

[BenjaminWFox-Lumedic]

I think I did that right - it didn't seem to make a difference:

➜  test-npm-repo npm update
➜  test-npm-repo npm install -g [email protected]
/Users/.../.nvm/versions/node/v12.13.1/bin/npm -> /Users/.../.nvm/versions/node/v12.13.1/lib/node_modules/npm/bin/npm-cli.js
/Users/.../.nvm/versions/node/v12.13.1/bin/npx -> /Users/.../.nvm/versions/node/v12.13.1/lib/node_modules/npm/bin/npx-cli.js
+ [email protected]
added 53 packages from 20 contributors, removed 236 packages and updated 194 packages in 5.912s
➜  test-npm-repo npm -v
7.0.11
➜  test-npm-repo npm install

up to date in 432ms

found 0 vulnerabilities
➜  test-npm-repo cat package.json
{
  "name": "test-npm-repo",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "engines": {
    "node": ">=14.15.0 <15.0.0"
  },
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}
➜  test-npm-repo cat .npmrc
engine-strict=true
➜  test-npm-repo

[RobertHaedrich2012]

This issue still exists with npm v7.15.1.

### Environment
macOS Big Sure 11.3

Oh sorry, that was wrong. NPM still checks the engine version and respects the strict flag. My problem is, that the timing of the check has probably been changed. Looks like the check is now after the dependencies are installed. Maybe some identically behavior change like the preinstall script.

[darcyclarke]

@RobertHaedrich2012 this seems to be working as intended on v7 now (npm i -g npm - latest is v7.19.0). If you think the timing should be changed, definitely let us know over on the npm/rfcs repo.

package.json

{
  "engines": {
    "node": "1.2.3"
  },
  "dependencies": {
    "abbrev": ""
  }
}

Output

$ npm i --engine-strict
npm ERR! code EBADENGINE
npm ERR! engine Unsupported engine
npm ERR! engine Not compatible with your version of node/npm: undefined
npm ERR! notsup Not compatible with your version of node/npm: undefined
npm ERR! notsup Required: {"node":"1.2.3"}
npm ERR! notsup Actual:   {"npm":"7.19.0","node":"v16.0.0"}

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/isaacs/.npm/_logs/2021-06-25T19_46_46_698Z-debug.log