devDependency within a 2 depth level npm install cause the version to be unknown

What I Wanted to Do

I wanted to use npm link with multiple dept linking for dev purposes.

What Happened Instead

The version in one of the package-lock.json being generated is unknown, which leads to some problem.
IE:
{
“name”: “pkg3”,
“version”: “1.1.1”,
“lockfileVersion”: 1,
“requires”: true,
“dependencies”: {
“pkg1”: {
“version”: “1.1.1”,
“dependencies”: {
“pkg2”: {
“bundled”: true
}
}
}
}
}

Reproduction Steps

1- Create pkg1 with the following package.json:
{
“name”: “pkg1”,
“version”: “1.1.1”,
“description”: “”,
“main”: “”,
“scripts”: {
“test”: “”
},
“author”: “jbisson”,
“license”: “”,
“dependencies”: {},
“devDependencies”: {
“pkg2”: “1.1.1”
}
}

2- Create a pkg2 with the different package.json content:
{
“name”: “pkg2”,
“version”: “1.1.1”,
“description”: “”,
“main”: “”,
“scripts”: {
“test”: “”
},
“author”: “jbisson”,
“license”: “”,
“dependencies”: {},
“devDependencies”: {}
}

3- Create a pkg3 with package.json content to be:
{
“name”: “pkg3”,
“version”: “1.1.1”,
“description”: “”,
“main”: “”,
“scripts”: {
“test”: “”
},
“author”: “jbisson”,
“license”: “”,
“dependencies”: {
“pkg1”: “1.1.1”
},
“devDependencies”: {}
}

4- Go to pkg2 and run: npm install -> everything good

5- Go to pkg1 and run: npm link …/pkg2 -> everything is good
run npm install -> everything is good

6- Go to pkg3 and run npm link …/pkg1
run npm install

Open the package-lock.json from pkg3 and see the missing dependencies version for pkg2:
{
“name”: “pkg3”,
“version”: “1.1.1”,
“lockfileVersion”: 1,
“requires”: true,
“dependencies”: {
“pkg1”: {
“version”: “1.1.1”,
“dependencies”: {
“pkg2”: { // ---------------------> I would expect the version to be under here???
“bundled”: true
}
}
}
}
}

I’ve included the different package.json files within https://drive.google.com/open?id=1iDvjn7CaPTdcflLpbLfrPCVWCmgEHoen

Details

Platform Info

$ npm --versions
6.7.0

$ node -p process.platform
Linux (ubuntu)

anyone that have anything to add?

if you guys think I’m missing something or my bug description is not accurate, please let me know.

Is this still a problem for you with latest npm? I followed along your steps using npm 6.7.0 and 6.8.0 on Mac, and ended up with a different package-lock.json in pkg3 without the transitive dependency listed at all when using npm 6.8.0.

{
    "name": "pkg3",
    "version": "1.1.1",
    "lockfileVersion": 1,
    "requires": true,
    "dependencies": {
        "pkg1": {
            "version": "1.1.1"
        }
    }
}

Thanks,

I can see this issue got fixed with 6.8.0+. Too bad that most node version won’t be using 6.8.0 for a while, thank you!

We can close this issue then.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.