Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] git dependency installed with npm ci triggers error with npm prune --production #514

Closed
Cherry opened this issue Nov 22, 2019 · 4 comments · Fixed by #673
Closed

Comments

@Cherry
Copy link

Cherry commented Nov 22, 2019

When installing some git dependencies using the Docker image node:10-alpine via npm ci, attempts to npm prune --production result in an error like:

npm ERR! code 128
npm ERR! Command failed: git clone --mirror -q https://github.com/nodecraft/ampify.git /root/.npm/_cacache/tmp/git-clone-6573274f/.git
npm ERR! fatal: could not create leading directories of '/root/.npm/_cacache/tmp/git-clone-6573274f/.git'

To help replicate the issue, I have a directory that contains a package.json and package-lock.json. I then have a Dockerfile which when building, illustrates the issue.

I've created a repository at https://github.com/Cherry/npm-prune-ci-bug detailing this, including commands to run to replicate the issue.

Last known working version: 6.10.3. This issue does not occur if I use npm version 6.10.3 or earlier.
Tested versions that throw the above error:

6.11.0
6.11.1
6.11.2
6.11.3
6.12.1
6.13.1

It appears this regression was introduced in 6.11.0, and exists through to the latest version.

If I can provide any further information, please let me know.

Cherry added a commit to Cherry/npm-prune-ci-bug that referenced this issue Nov 22, 2019
@sdanieru
Copy link

sdanieru commented Dec 4, 2019

This was a breaking change for our builds when we bumped node:10.16 to node:10.17 (since that bumps npm 6.9.0 to 6.11.3)
Thanks @Cherry for writing this up!

@Cherry
Copy link
Author

Cherry commented Dec 12, 2019

Is there any update or resolution to this issue? With the recent security advisory to update to 6.13.4, this issue is preventing us from ensuring our team and their systems are safe.

@isaacs
Copy link
Contributor

isaacs commented Dec 30, 2019

Looks like a duplicate of #624.

@Cherry
Copy link
Author

Cherry commented Dec 30, 2019

Seems like it, yes. This was created before #624 but that issue has more discussion. I'll go ahead and close this issue and leave the discussion there.

@Cherry Cherry closed this as completed Dec 30, 2019
isaacs added a commit to npm/pacote that referenced this issue Dec 30, 2019
Fix: npm/cli#624
Fix: npm/cli#642
Fix: npm/cli#514

Infer the ownership of a git command invocation based on the cwd, if one is
specified.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants
@isaacs @Cherry @sdanieru and others