Dev only (--only=dev) install fails when module is a dependency of multiple places

cli
help-wanted
priority:medium
triaged

(Eddie Monge) #1

Dev only (–only=dev) install fails when module is a dependency of multiple places.

What I Wanted to Do

Install only the dev dependencies for a module. I do this by running npm install --only=dev.

What Happened Instead

A module that is listed as a dependency of both a normal dependency and a devDependency did not get installed.

Reproduction Steps

Run the following commands:

npm init -y
npm install --save-dev is-pr
npm install --save is-ci
rm -rf node_modules
npm install --only=dev

Inspect the node_modules folder. ci-info is not there, despite being a dependency of both packages.

Details

The attached package-lock.json file demonstrates the problem. The lock file has ci-info listed as not a dev dependency. It is actually a dependency of both is-ci and is-pr. When running npm install --only=dev, ci-info does not get installed. This causes is-pr to fail since it requires it.

package-lock.json (961 Bytes)

Platform Info

$ npm --versions
{ test: '1.0.0',
  npm: '6.4.1',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.33.0',
  node: '10.11.0',
  openssl: '1.1.0i',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.0',
  v8: '6.8.275.32-node.28',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

(Lars Willighagen) #2

Seems that diff-trees filtering only installs deps that are exclusively dep dependencies (which isn’t the case here, of course):

I don’t know why that restriction is needed exactly.


(Chris Barnes) #3

Also hit by this. It seems like it should be a pretty major bug - it must be extremely common for dev and prod dependencies to share upstream dependencies, so this will happen a large proportion of the time that npm install --only=dev is used.

The only conclusion can be that nobody is using --only=dev.

Here’s a git repo which replicates the issue: https://github.com/clbarnes/npm_dependency_bug