Installing package does not use latest available transitive dependencies

(o.O) #1

What I Wanted to Do

Install nyc@13.3.0 in an empty test project. Expected all transitive dependencies to be up to date.

What Happened Instead

handlebars@4.1.0 was installed, even though v4.1.2 should have been (unless I’m missing something here):

➜ npm ls handlebars                   
npmtest@1.0.0 /home/crowley/work/uniq/npmtest
└─┬ nyc@13.3.0
  └─┬ istanbul-reports@2.1.1
    └── handlebars@4.1.0 
➜ npm view handlebars
handlebars@4.1.2 | MIT | deps: 4 | versions: 48
[…]
dist-tags:
4.0-patch: 4.0.14  latest: 4.1.2      legacy: 3.0.6      

published 3 days ago by knappi <npm@knappi.org>
➜ grep handlebars node_modules/nyc/node_modules/istanbul-reports/package.json 
    "handlebars": "^4.1.0"

Reproduction Steps

npm init --yes && npm i nyc@13

Platform Info

$ npm --versions
{ npmtest: '1.0.0',
  npm: '6.9.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.3',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.51',
  zlib: '1.2.11' }
$ node -p process.platform
linux
(John Gee) #2

nyc lists istanbul-reports under its bundleDependencies, so I think you get the version packaged with nyc rather than npm looking up the latest matching version, i.e. handlebars is not a transitive dependency.

(To check I deleted istanbul-reports from bundleDependencies and deleted the installed version of handlebars, reinstalled from the empty test project, and got handlebars@4.1.2 as you expected.)

1 Like
(o.O) #3

Ooh, that would explain it. Didn’t know about bundledDependencies yet (and it seems they removed those entirely in nyc@14). Thanks!

1 Like