[BUG] npx package@version uses incorrect installed version in npx 7

[robertIsaac]

Current Behavior:

running npx @package@version generate it with the current install version

Expected Behavior:

it should be generated with the given version

Steps To Reproduce:

ex. steps to reproduce the behavior:

1. run npm i -g npm@latest to install npm 7
2. run npx @angular/cli@next new
3. answer all questions of the angular cli, it doesn't matter what the answers are
4. it will install angular 11 (while next is 12)

Environment:

• OS: Windows 10
• Node: 14.16.1
• npm: 7.12.0 (working fine with 6.14.13)

[wraithgar]

I can not duplicate this. When I run those commands my project has angular 12

~/D/n/a/asdf (master|✔) $ npm ls
[email protected] /Users/wraithgar/Development/npm/ar/asdf
├── @angular-devkit/[email protected]
├── @angular/[email protected]
├── @angular/[email protected]

I even tried it while having @angular/cli@11 installed globally, my project still got 12.

[robertIsaac]

i tried again now, it's the same
i'm using windows 10

PS C:\Users\rober\test> npm --v
7.13.0
PS C:\Users\rober\test> npx @angular/cli@10 new --defaults ng10
CREATE ng10/angular.json (3027 bytes)
CREATE ng10/package.json (1066 bytes)
CREATE ng10/README.md (994 bytes)
CREATE ng10/tsconfig.json (783 bytes)
CREATE ng10/.editorconfig (274 bytes)
CREATE ng10/.gitignore (604 bytes)
CREATE ng10/.browserslistrc (703 bytes)
CREATE ng10/karma.conf.js (1421 bytes)
CREATE ng10/tsconfig.app.json (287 bytes)
CREATE ng10/tsconfig.spec.json (333 bytes)
CREATE ng10/src/favicon.ico (948 bytes)
CREATE ng10/src/index.html (290 bytes)
CREATE ng10/src/main.ts (372 bytes)
CREATE ng10/src/polyfills.ts (2820 bytes)
CREATE ng10/src/styles.css (80 bytes)
CREATE ng10/src/test.ts (743 bytes)
CREATE ng10/src/assets/.gitkeep (0 bytes)
CREATE ng10/src/environments/environment.prod.ts (51 bytes)
CREATE ng10/src/environments/environment.ts (658 bytes)
CREATE ng10/src/app/app.module.ts (314 bytes)
CREATE ng10/src/app/app.component.html (23777 bytes)
CREATE ng10/src/app/app.component.spec.ts (934 bytes)
CREATE ng10/src/app/app.component.ts (208 bytes)
CREATE ng10/src/app/app.component.css (0 bytes)
✔ Packages installed successfully.
warning: LF will be replaced by CRLF in .browserslistrc.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in .editorconfig.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in .gitignore.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in README.md.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in angular.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in karma.conf.js.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in package-lock.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in package.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.html.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.spec.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.module.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/environments/environment.prod.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/environments/environment.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/index.html.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/main.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/polyfills.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/styles.css.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/test.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.app.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.spec.json.
The file will have its original line endings in your working directory
    Successfully initialized git.
PS C:\Users\rober\test> cd .\ng10\
PS C:\Users\rober\test\ng10> npm ls
[email protected] C:\Users\rober\test\ng10
+-- @angular-devkit/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @types/[email protected]
+-- @types/[email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
`-- [email protected]

PS C:\Users\rober\test\ng10> npm i -g npm@6

added 2 packages, removed 236 packages, changed 3 packages, and audited 54 packages in 5s

found 0 vulnerabilities
PS C:\Users\rober\test\ng10> cd ..
PS C:\Users\rober\test> npx @angular/cli@10 new --defaults angular10
Option "entryComponent" is deprecated: Since version 9.0.0 with Ivy, entryComponents is no longer necessary.
CREATE angular10/angular.json (3590 bytes)
CREATE angular10/package.json (1252 bytes)
CREATE angular10/README.md (1018 bytes)
CREATE angular10/tsconfig.json (458 bytes)
CREATE angular10/tslint.json (3185 bytes)
CREATE angular10/.editorconfig (274 bytes)
CREATE angular10/.gitignore (631 bytes)
CREATE angular10/.browserslistrc (853 bytes)
CREATE angular10/karma.conf.js (1021 bytes)
CREATE angular10/tsconfig.app.json (287 bytes)
CREATE angular10/tsconfig.spec.json (333 bytes)
CREATE angular10/src/favicon.ico (948 bytes)
CREATE angular10/src/index.html (295 bytes)
CREATE angular10/src/main.ts (372 bytes)
CREATE angular10/src/polyfills.ts (2830 bytes)
CREATE angular10/src/styles.css (80 bytes)
CREATE angular10/src/test.ts (753 bytes)
CREATE angular10/src/assets/.gitkeep (0 bytes)
CREATE angular10/src/environments/environment.prod.ts (51 bytes)
CREATE angular10/src/environments/environment.ts (662 bytes)
CREATE angular10/src/app/app.module.ts (314 bytes)
CREATE angular10/src/app/app.component.html (25725 bytes)
CREATE angular10/src/app/app.component.spec.ts (949 bytes)
CREATE angular10/src/app/app.component.ts (213 bytes)
CREATE angular10/src/app/app.component.css (0 bytes)
CREATE angular10/e2e/protractor.conf.js (869 bytes)
CREATE angular10/e2e/tsconfig.json (294 bytes)
CREATE angular10/e2e/src/app.e2e-spec.ts (642 bytes)
CREATE angular10/e2e/src/app.po.ts (301 bytes)
✔ Packages installed successfully.
warning: LF will be replaced by CRLF in .browserslistrc.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in .editorconfig.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in .gitignore.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in README.md.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in angular.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in e2e/protractor.conf.js.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in e2e/src/app.e2e-spec.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in e2e/src/app.po.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in e2e/tsconfig.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in karma.conf.js.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in package-lock.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in package.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.html.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.spec.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.component.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/app/app.module.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/environments/environment.prod.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/environments/environment.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/index.html.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/main.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/polyfills.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/styles.css.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in src/test.ts.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.app.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tsconfig.spec.json.
The file will have its original line endings in your working directory
warning: LF will be replaced by CRLF in tslint.json.
The file will have its original line endings in your working directory
    Successfully initialized git.
PS C:\Users\rober\test> cd .\angular10\
PS C:\Users\rober\test\angular10> npm ls --depth 0
[email protected] C:\Users\rober\test\angular10
+-- @angular-devkit/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @angular/[email protected]
+-- @types/[email protected]
+-- @types/[email protected]
+-- @types/[email protected]
+-- [email protected]
+-- UNMET PEER DEPENDENCY [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
+-- [email protected]
`-- [email protected]

npm ERR! peer dep missing: jasmine-core@>=3.7.1, required by [email protected]
npm ERR! peer dep missing: jasmine-core@>=3.7.1, required by [email protected]
PS C:\Users\rober\test\angular10>

[wraithgar]

What does npx @angular/cli@10 --version show?

[robertIsaac]

What does npx @angular/cli@10 --version show?

PS C:\Users\rober> npx @angular/cli@10 --version

     _                      _                 ____ _     ___
    / \   _ __   __ _ _   _| | __ _ _ __     / ___| |   |_ _|
   / △ \ | '_ \ / _` | | | | |/ _` | '__|   | |   | |    | |
  / ___ \| | | | (_| | |_| | | (_| | |      | |___| |___ | |
 /_/   \_\_| |_|\__, |\__,_|_|\__,_|_|       \____|_____|___|
                |___/


Angular CLI: 12.0.0
Node: 14.16.1
Package Manager: npm 7.13.0
OS: win32 x64

Angular:
...

Package                      Version
------------------------------------------------------
@angular-devkit/architect    0.1200.0 (cli-only)
@angular-devkit/core         12.0.0 (cli-only)
@angular-devkit/schematics   12.0.0 (cli-only)
@schematics/angular          12.0.0 (cli-only)

[rfgamaral]

I think I came across a similar (same?) issue:

~/Workspace/Playground/TestProject
❯ node --version
v16.7.0

~/Workspace/Playground/TestProject
❯ npm --version
7.22.0

~/Workspace/Playground/TestProject
❯ npm init -y
Wrote to /home/Ricardo/Workspace/Playground/TestProject/package.json:

{
  "name": "testproject",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

~/Workspace/Playground/TestProject
❯ npm install --save-dev [email protected]

added 4 packages, and audited 5 packages in 610ms

1 package is looking for funding
  run `npm fund` for details

1 moderate severity vulnerability

To address all issues, run:
  npm audit fix --force

Run `npm audit` for details.

~/Workspace/Playground/TestProject
❯ npx browserslist --version
browserslist 4.7.0

~/Workspace/Playground/TestProject
❯ npx browserslist@latest --version
browserslist 4.7.0

~/Workspace/Playground/TestProject
❯ npm install --save-dev browserslist@latest

added 2 packages, changed 1 package, and audited 7 packages in 557ms

2 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

~/Workspace/Playground/TestProject
❯ npx browserslist --version
browserslist 4.17.0

Summary:

• Created a new project
• Installed older browserslist version
• Running npx browserslist --version gives the older installed version ✔
• Running npx browserslist@latest --version gives the installed version ❌
  • Expected version being 4.17.0 (latest at the time of writing)
• Installed latest browserslist version
• Running npx browserslist --version gives the latest installed version ✔

[lukekarrys]

@rfgamaral Thanks for the additional report. I believe this is the same issue and I'm going to update the title of this issue to track it as such.

[Den-dp]

Looks like a globally installed package breaks calling via npx, since it has a higher priority.

Simple reproduction for [email protected]

1. check that svgo isn't installed globally:

> npm ls svgo -g
C:\Users\denis\AppData\Roaming\npm
`-- (empty)

2. run --version command of old svgo

> npx [email protected] --version
2.5.0

3. globally install newer svgo

> npm i [email protected] -g

added 18 packages, and audited 19 packages in 3s

8 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

4. here is where it stopped working

> npx [email protected] --version
2.7.0

[janpio]

Note that this does not only apply to globally installed packages, but also local ones:

Reproduction commands:

mkdir npxRepro
cd npxRepro
npm init -y
npm install prisma
npx prisma -v
npx [email protected] -v
npx -v
node -v

And my result with npx 8.3.1:

PS C:\Users\Jan\Documents\throwaway> mkdir npxRepro
PS C:\Users\Jan\Documents\throwaway> cd .\npxRepro\
PS C:\Users\Jan\Documents\throwaway\npxRepro> npm init -y
Wrote to C:\Users\Jan\Documents\throwaway\npxRepro\package.json:

{
  "name": "npxrepro",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}


PS C:\Users\Jan\Documents\throwaway\npxRepro> npm install prisma

added 2 packages, and audited 3 packages in 4s

found 0 vulnerabilities
PS C:\Users\Jan\Documents\throwaway\npxRepro> npx prisma -v
prisma                  : 3.12.0
[...]
PS C:\Users\Jan\Documents\throwaway\npxRepro> npx [email protected] -v
Need to install the following packages:
  [email protected]
Ok to proceed? (y) y
prisma                  : 3.12.0
[...]
PS C:\Users\Jan\Documents\throwaway\npxRepro> npx -v
8.3.1
PS C:\Users\Jan\Documents\throwaway\npxRepro> npm -v
8.3.1
PS C:\Users\Jan\Documents\throwaway\npxRepro> node -v
v16.14.0

Note how the second -v of prisma with the explicit version 3.11.1 asks me if I want to install [email protected], actually does it, and then runs 3.12.0 anyway.

There is no global prisma installed btw:

PS C:\Users\Jan\Documents\throwaway\npxRepro> npm ls prisma -g
C:\Users\Jan\AppData\Local\Volta\tools\image\node\16.14.2
`-- (empty)

[janpio]

A comment on the severity of this:
We have pipelines that depend on this behavior to use a specific version (vs. what is defined in the project). Upgrading to newer npm/npx partially broke these and made tests fail (good), others silently used the wrong version and produced unexpected and wrong results which unfortunately were not caught by tests (not good at all).

[lukekarrys]

Thanks for the detailed reproduction and re-surfacing this issue @janpio. I've updgraded the severity of this and our team is currently working through all the Priority 1 bugs, so we can get some resolution to this.

[AndrewCEmil]

Hi, just wanting to provide a bug report that I am also running into this. Interestingly I see things like the following:

$npx serverless@3 deploy

Need to install the following packages:
serverless@3
Ok to proceed? (y) y
...

$npx serverless@3 --version
Framework Core: 2.72.2 (local)
Plugin: 5.5.4
SDK: 4.3.0
Components: 3.18.2

So it seems to install the right package somewhere, but doesn't use it when running commands.

[wraithgar]

Possibly closed by #4929.

@lukekarrys will investigate and respond accordingly.

[robertIsaac]

I confirm it's working now
tested using npm 8.13.1

[wraithgar]

Oh hey thanks for confirming @robertIsaac!

[Khyalis]

For me, [email protected] continues to yield different results:

C:\...\test>npx --version
8.13.1

C:\...\test>npm ls svgo
C:\...\test
`-- (empty)

C:\...\test>npm ls svgo -g
C:\...\AppData\Roaming\npm
`-- (empty)

C:\...\test>npx [email protected] --version
Need to install the following packages:
[email protected]
Ok to proceed? (y) y
[...]
2.5.0

C:\...\test>npm i svgo@1 -g
[...]
added 76 packages, and audited 77 packages in 4s
[...]
2 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.

C:\...\test>npx [email protected] --version
1.3.2

C:\...\test>npm i [email protected]
[...]
added 18 packages, and audited 19 packages in 931ms
[...]
found 0 vulnerabilities

C:\...\test>npx [email protected] --version
2.7.0

C:\...\test>npm exec [email protected] -- cmd /C "WHERE svgo"
C:\...\test\node_modules.bin\svgo
C:\...\test\node_modules.bin\svgo.cmd
C:\...\AppData\Roaming\npm\svgo
C:\...\AppData\Roaming\npm\svgo.cmd
C:\...\AppData\Local\npm-cache_npx\ef55ecbce75e2283\node_modules.bin\svgo
C:\...\AppData\Local\npm-cache_npx\ef55ecbce75e2283\node_modules.bin\svgo.cmd

[andersk]

Slightly different on Linux, but still broken:

$ npx --version
8.13.1
$ npm ls svgo
/home/node/project
`-- (empty)

$ npm ls svgo -g
/usr/local/lib
`-- (empty)

$ npx [email protected] --version
Need to install the following packages:
  [email protected]
Ok to proceed? (y) 
2.5.0
$ npm i svgo@1 -g
…
$ npx [email protected] --version
2.5.0
$ npm i [email protected]
…
$ npx [email protected] --version
2.7.0
$ npm exec [email protected] -- which -a svgo
/home/node/project/node_modules/.bin/svgo
/home/node/.npm/_npx/ef55ecbce75e2283/node_modules/.bin/svgo
/usr/local/bin/svgo

npx is still incorrectly preferring the project’s installed version over the explicit version on the command line. Please reopen.

[robertIsaac]

I will reopen as per @Khyalis and @andersk comments
but for me it's working

is by any chance you are using nvm?
I had this issue because of them, I had to delete everything and install them again for it to work
the issue was that there were a lot of version of npx, npm, and ng (for me ng was the biggest problem)
you can check by using where npx it should show only one location inside nvm
I think the root cause of my issue was that I initially installed node using standalone setup but then decided to use nvm without uninstalling the standalone version (I mean after upgrading to version 8.13.1, because when I opened the ticket I wasn't using nvm)

[ljharb]

@robertIsaac nvm, or nvm-windows (a different project)?

[andersk]

@robertIsaac I did not use nvm. Here’s a fully reproducible test case as a Dockerfile using the official Node Docker image.

FROM node:18.4.0-alpine
WORKDIR /project
RUN set -ex; \
    npm install --silent -g [email protected]; \
    npm --version; \
    version=$(npx -y [email protected] --version); \
    test "$version" = 2.5.0; \
    npm install --silent -g svgo@1; \
    npm install --silent [email protected]; \
    npm exec --silent -y [email protected] -- which -a svgo; \
    version=$(npx -y [email protected] --version); \
    test "$version" = 2.5.0  # fails

Output

$ docker build .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM node:18.4.0-alpine
 ---> 515db77e67c7
Step 2/3 : WORKDIR /project
 ---> Using cache
 ---> 718128102edc
Step 3/3 : RUN set -ex;     npm install --silent -g [email protected];     npm --version;     version=$(npx -y [email protected] --version);     test "$version" = 2.5.0;     npm install --silent -g svgo@1;     npm install --silent [email protected];     npm exec --silent -y [email protected] -- which -a svgo;     version=$(npx -y [email protected] --version);     test "$version" = 2.5.0  # fails
 ---> Running in ff01e030000b
+ npm install --silent -g [email protected]
+ npm --version
8.13.1
+ npx -y [email protected] --version
npm WARN deprecated [email protected]: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
+ version=2.5.0
+ test 2.5.0 '=' 2.5.0
+ npm install --silent -g svgo@1
+ npm install --silent [email protected]
+ npm exec --silent -y '[email protected]' -- which -a svgo
/project/node_modules/.bin/svgo
/root/.npm/_npx/ef55ecbce75e2283/node_modules/.bin/svgo
/usr/local/bin/svgo
+ npx -y [email protected] --version
+ version=2.7.0
+ test 2.7.0 '=' 2.5.0
The command '/bin/sh -c set -ex;     npm install --silent -g [email protected];     npm --version;     version=$(npx -y [email protected] --version);     test "$version" = 2.5.0;     npm install --silent -g svgo@1;     npm install --silent [email protected];     npm exec --silent -y [email protected] -- which -a svgo;     version=$(npx -y [email protected] --version);     test "$version" = 2.5.0  # fails' returned a non-zero code: 1

[robertIsaac]

@robertIsaac nvm, or nvm-windows (a different project)?

nvm, I have a mac

[ljharb]

@robertIsaac ah, gotcha, you mean that your system node was conflicting (also, what's where? do you mean which?)

[robertIsaac]

@robertIsaac ah, gotcha, you mean that your system node was conflicting (also, what's where? do you mean which?)

Where tells you the exact location of a file
So where npx should tell you exactly where is the npx file in your disk
But even better, if multiple npx files existing it will show all of them (I mean only the ones that's part of your environment)

Which return only one path

[ljharb]

where isn't available on my mac; perhaps it's something you added yourself?

[andersk]

where is a zsh builtin (or a Windows command). zsh is the default shell on modern Mac, but you might be using bash or some other shell that does not have where. In any case, you can also use which -a to print all matches.

[ljharb]

ah, fair enough, yes, i'm using bash.

[robertIsaac]

ah, fair enough, yes, i'm using bash.

so what's the output of which -a npx?

[ljharb]

I use nvm and don’t have a system version, so it only prints out a single line.

[wraithgar]

This should be fixed as of [email protected]

~/D/n/s/npx $ npm i [email protected]

added 1 package, and audited 2 packages in 450ms

1 high severity vulnerability

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
~/D/n/s/npx $ npx [email protected] --version
json 9.0.5
written by Trent Mick
https://github.com/trentm/json

[samboylett]

This seems to have regressed for me:

$ npx [email protected] --version
2.2.1

$ npm -v
8.19.2

[Jolg42]

@samboylett It looks like you are using an old npm version here (v8)

I just tried on Node v20.6.0 (npm v9.8.1)

npx [email protected] --version
Need to install the following packages:
[email protected]
Ok to proceed? (y) 

And it works as expected.

[samboylett]

@Jolg42

actually looks like some weird data issue on my end:

$ npx [email protected] --version
3.0.0

$ npx [email protected] --version
Need to install the following packages:
  [email protected]
Ok to proceed? (y)
3.0.1

$ npx [email protected] --version
Need to install the following packages:
  [email protected]
Ok to proceed? (y)
3.0.2

$ npx [email protected] --version
2.2.1