[QUESTION] registry metadata mismatch with actual package.json

[rally25rs]

What / Why

Looking at the registry metadata for [email protected]

http://registry.npmjs.org/fsevents

"dependencies": {
  "bindings":"^1.5.0",
  "nan":"^2.12.1",
  "node-pre-gyp":"*"
},
"bundleDependencies": [
  "node-pre-gyp"
]

Note that node-pre-gyp is included as a dependency and a bundleDependency.

The actual package.json that is deployed for that version:

https://github.com/fsevents/fsevents/blob/v1.2.11/package.json

  "dependencies": {
    "bindings": "^1.5.0",
    "nan": "^2.12.1"
  },
  "bundledDependencies": [
    "node-pre-gyp"
  ],

does not include node-pre-gyp as a dependency.

Question

This is "normal" for there to be a difference in the metadata? Is the registry trying to "fix" the metadata by putting the bundledDependencies into dependencies? Or is this maybe stale/incorrect metadata?

Reference

I'm asking because it affects yarn's dependency resolution (if the package is already downloaded and cached, then yarn uses the dependency data in package.json instead of querying the registry)

Reference: yarnpkg/yarn#7770

[darcyclarke]

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.