npm commands fail when tarball file on local file system is missing


(Bryan Farrell) #1

What I Wanted to Do

I have a build process that generates local file system node packages as tarball files (i.e. ‘node-package-sub-component-0.1.0.tgz’). This build process uses a node script to install the tarball packages into other local node packages. In other words, the tarball packages are components of a larger package I am building. All of this is private code for my company so at this time it cannot be published to npm for compliance reasons.

What I want to have happen when I update the sub component and increment the version number, i.e. ‘node-package-sub-component-0.1.1.tgz’, is that when I call “npm install --save-exact file:…/_build/common/node-package-sub-component-0.1.1.tgz”, version 0.1.0 is replaced with 0.1.1 so I can properly version all components as I build out these private packages.

What Happened Instead

So instead of installing the new version, I get an error saying it cannot find the old version’s tarball file. It cannot find it because the “_build” folder it is in is cleaned each time the build is run. It also cannot expect to have these files there, as a clean pull from git would not have them. What seems to be happening is that prior to installing version 0.1.1, npm is looking for the 0.1.0 tarball file first and then it errors out because the file is not found. I found this behavior occurred when I tried to issue the commands “install”, “uninstall”, “purge”, etc. It seems that any operation fails if the tarball file on disk referenced in package.json and/or package-lock.json is missing from the location specified in those files.

Reproduction Steps

To reproduce this, take any package in a tarball (ideally an older version of a package) and install it into a new package folder using the tarball install format from the local file system. Then delete the tarball you installed, take a newer version of the package in a tarball, and try to install it the same way you did the first time with the older version. It should throw an error stating that the original tarball file cannot be found. You can also try the uninstall command or purge command, and both should also error out saying that the older tarball file cannot be found.

Details

One additional thing I figured out. This appears to be directly tied to the package-lock.json file. When I do the steps to reproduce the error and both package.json and package-lock.json contain a reference to the older version, the error occurs. If I delete the entry for the older version from the dependencies in the package.json, the error also occurs.

However, if I delete the entry for the older version from the package-lock.json (and leave the reference to the older version in the package.json) then the install command correctly updates the reference in the package.config to the new version and also adds the new version to the package-lock.json.

npm-debug.log (2.1 KB)

Platform Info

$ npm --versions
{ npm: '6.4.1',
  ares: '1.13.0',
  cldr: '33.0',
  http_parser: '2.8.0',
  icu: '61.1',
  modules: '59',
  napi: '3',
  nghttp2: '1.32.0',
  node: '9.11.2',
  openssl: '1.0.2o',
  tz: '2018c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.46-node.23',
  zlib: '1.2.11' }

$ node -p process.platform
win32