-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] npm install attempts to fetch already bundled indirect dependency from registry #2757
Comments
I don't know much about the internals of npm but I did a bit of debugging and the difference in behavior between macOS and Windows lead me to this for-loop that iterates over the actual tree in order to find missing edges: cli/node_modules/@npmcli/arborist/lib/arborist/load-actual.js Lines 318 to 329 in 0c6bb2b
The order of the nodes in the tree are different on macOS and Windows and replacing |
Oh, and here's the output of
|
Any updates on this bug? It seems like there's no update since end of August and we're sitting at the edge of our chairs waiting for a bugfix since it's blocking to upgrade to a much more recent version. |
It appears that
npm install
sometimes attempts to fetch indirect dependencies from the registry even though they have already been bundled with the package being installed. This causes issues if these dependencies are only available in an internal registry during install/pack-time but not available on the registry where the package is published to and eventually installed from. My understanding is that dependencies listed inbundledDependencies
also include indirect dependencies.I can only reproduce this on Windows with npm 7. The package installs just fine with npm 6 on Windows and with npm 7 on macOS.
I've created a minimal repro from my original package and used a
file:
dependency to avoid the need for a custom registry. The error looks a little different than with my original package since it fails with an error saying that it cannot find the package on the registry but I think it's the same cause. This is what my repro package looks like:package.json
:where
bar-1.0.0.tgz
contains a single filebar/package.json
:Here's a zip file with the above files: foo.zip
There are a couple of issues already that appear similar but I'm not entirely sure they're the same:
Current Behavior:
Install fails on [email protected] as it attempts to fetch already bundled indirect dependency
rimraf
from the dummy registryhttps://0.0.0.0
even though it should already be bundled with the package:2021-02-22T21_35_06_434Z-debug.log
Expected Behavior:
Install succeeds on [email protected]:
Steps To Reproduce:
cd foo
npm install
npm pack
npm install -g --registry https://0.0.0.0 foo-1.0.0.tgz
rimraf
from the dummy registryhttps://0.0.0.0
Environment:
The text was updated successfully, but these errors were encountered: