Dev only (--only=dev) install fails when module is a dependency of multiple places


(Eddie Monge) #1

Dev only (–only=dev) install fails when module is a dependency of multiple places.

What I Wanted to Do

Install only the dev dependencies for a module. I do this by running npm install --only=dev.

What Happened Instead

A module that is listed as a dependency of both a normal dependency and a devDependency did not get installed.

Reproduction Steps

Run the following commands:

npm init -y
npm install --save-dev is-pr
npm install --save is-ci
rm -rf node_modules
npm install --only=dev

Inspect the node_modules folder. ci-info is not there, despite being a dependency of both packages.


The attached package-lock.json file demonstrates the problem. The lock file has ci-info listed as not a dev dependency. It is actually a dependency of both is-ci and is-pr. When running npm install --only=dev, ci-info does not get installed. This causes is-pr to fail since it requires it.

package-lock.json (961 Bytes)

Platform Info

$ npm --versions
{ test: '1.0.0',
  npm: '6.4.1',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.33.0',
  node: '10.11.0',
  openssl: '1.1.0i',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.0',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform

(Lars Willighagen) #2

Seems that diff-trees filtering only installs deps that are exclusively dep dependencies (which isn’t the case here, of course):

I don’t know why that restriction is needed exactly.

(Chris Barnes) #3

Also hit by this. It seems like it should be a pretty major bug - it must be extremely common for dev and prod dependencies to share upstream dependencies, so this will happen a large proportion of the time that npm install --only=dev is used.

The only conclusion can be that nobody is using --only=dev.

Here’s a git repo which replicates the issue:

(Eddie Monge) #4

Seems like instead of setting the dev: true flag it should create an array: env: ['prod', 'dev', 'peer', etc] and then check if it the install mode is in that array. Shouldn’t be difficult to do I don’t think.