npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm does not install github deep dependencies with a since-mutated package.json

What I Wanted to Do

Install a package that has a deep dependency on a Github package whose name in package.json changed (added an org). The package in question and a way of reproducing this: npm install feathers-hooks-common@1.7.2

What Happened Instead

The package is installed, the dependency is not. It is also not added to package-lock.json

Reproduction Steps

Run npm install with this package.json file:

{
  "name": "npm-issue",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "author": "",                                                                                                                                                                                                                                
  "license": "ISC",
  "dependencies": {
    "feathers-hooks-common": "1.7.2"
  }
}

cat ./node_modules/feathers-hooks-common/package.json:

// ...
  "dependencies": {
    "debug": "^2.2.0",
    "feathers-hooks-utils": "^0.1.1",
    "get-parameter-names": "git+https://github.com/benbotto/get-parameter-names.git",
    "object.assign": "^4.0.4"
  },
// ...

cat package-lock.json | grep 'get-parameter-names' ===> empty
ls -l ./node_modules/ | grep 'get-parameter-names' ===> empty

Details

I actually debugged this a bit and found the problem (I think!). I wanted to file a PR to fix this, but the fix requires some decision making I did not want to do without an OK from the CLI team beforehand (and possibly some guidance as well).

What happens:
The requirement, as can seen in the package.json dependencies (and the registry manifest, ofc), is named get-parameter-names which was likely true when (this version) of the package was published, but since then the package was added to the @avejidah organization and thus changed its name to @avejidah/get-parameter-names. Since Github is not an immutable medium, this causes trouble when installing the dependency and reaching here: https://github.com/npm/npm/blob/4c65cd952bc8627811735bea76b9b110cc4fc80e/lib/install/deps.js#L160
This returns false (because feathers-hooks-common@1.7.2's manifest has no child dependency called @avejidah/get-parameter-names, but rather one that is called get-parameter-names and thus the package is not added).

Here I got stuck fixing this, since I am not 100% certain what would be the desirable change to isDep to make this work. I’d be very happy to work on this after discussing possible solutions with the CLI team, if there is a will.

For context, this was discovered due to this issue: https://github.com/yarnpkg/yarn/issues/5930

Versions:

{ 'npm-issue': '1.0.0',
  npm: '6.1.0',
  ares: '1.13.0',
  cldr: '32.0.1',
  http_parser: '2.7.0',
  icu: '60.2',
  modules: '59',
  napi: '2',
  nghttp2: '1.29.0',
  node: '9.8.0',
  openssl: '1.0.2n',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.46-node.21',
  zlib: '1.2.11' }


I know this is probably not high priority - just adding this comment so the issue will not close tomorrow. (“This topic will close 7 days after the last reply.”)


I’ve been out of the office since right around when this got posted, so I haven’t been able to take a look at the repro, and may not be able to for a while. I appreciate the report, though. I’ll remove the countdown for now so we have more time for it.


@zkat - polite (I hope) ping? I’d still be happy to work on this if you feel you have the time for some initial decisions/guidance.