npm ci --no-optional

What I Wanted to Do

I expected npm ci --no-optional to skip optionalDependencies.

What Happened Instead

It didn’t.

Related tickets

There were related tickets to this but they are closed out due to inactivity. I want to understand the official NPM opinion on this. Is this intended or not? If it is, then why?

Platform Info

$ npm --versions
{ npm: '6.4.1',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.0',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.45',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

This could be caused by a (fixed) problem with marking optional and dev dependencies in package-lock.json, which npm ci uses. Can you install npm 6.6.0 or later, run npm install to correct the lock file, and then npm ci again?

I have the same issue, the package-lock.json is already updated with npm 6.4.1, it correctly contains the module as optional:

"gkt": {
  "version": "https://tgz.pm2.io/gkt-1.0.0.tgz",
  "integrity": "sha512-zr6QQnzLt3Ja0t0XI8gws2kn7zV2p0l/D3kreNvS6hFZhVU5g+uY/30l42jbgt0XGcNBEmBDGJR71J692V92tA==",
  "optional": true
},

but npm ci --no-optional still tries to download it:

npm ERR! 403 Forbidden: gkt@https://tgz.pm2.io/gkt-1.0.0.tgz

@ larsgw it didn’t work. I upgraded to latest npm, ran install again, it did as you said marked the dependencies as optional but npm ci --no-optional still installed them.

Can anyone from npm please suggest what to do?

I just ran into the same issue with npm 6.8.0. Seriously hope the team would help us fix this issue.

Bump. Workaround or explanation will do until this is fixed.

//cc @zkat

Please don’t bump posts, and please don’t try and get the attention of specific people without a good reason (e.g. you are providing some information they asked for).

The votes are a measure of how many people are affected by an issue. Your issue has only got four votes, so while the issue is certainly important to you, it is not as important as many other issues.

The most useful thing you can do to make this issue more accessible to anyone interested in offering help or investigating is to provide some nice reproduce steps. As a bonus, this achieves the same visibility as bumping without annoying the people who might answer an updated question!

Oh, an additional comment. If you are looking for work-arounds rather than reporting the bug as such, this topic could be moved to #support and the reproduce steps are optional, assuming the “related issue” covers your experience.

(Although note that support questions get closed after 7 days! Either a question gets a quick answer, or the world moves on…)

Ok I will try and move this to support. Keep in mind the npm forum says “This topic will close 3 months after the last reply” which is a very agressive way to look at your topics. If someone else comes in after 3 months and 4 days and have the same issue, they wont be able to comment or vote. So they will open another ticket. Will you count the votes in the related tickets that were closed? I created this because I couldn’t add more info on the previous topics.

I tagged the most active release developer at the time which make total sense when it comes to issues that are affecting production systems and issues that are not even documented as such. I will give any information but noone had suggested me to attach anything.

The related support discussion