npm install removes all other packages if dependencies in package.json is an array instead of an object.

cli
help-wanted
priority:low
triaged

(Roland) #1

What I Wanted to Do

I wanted to install the xmlbuilder module. I used the line npm install xmlbuilder --save. At this point I had already installed the minimist module.

What Happened Instead

xmlbuilder module was installed, but minimist got removed. When I tried to reinstall minimist, xmlbuilder got removed.

Reproduction Steps

  1. make a package.json like this:
{
  "name" : "underscore",
  "description" : "JavaScript's functional programming helper library.",
  "homepage" : "http://documentcloud.github.com/underscore/",
  "keywords" : ["util", "functional", "server", "client", "browser"],
  "author" : "Jeremy Ashkenas <jeremy@documentcloud.org>",
  "contributors" : [],
  "dependencies" : [],
  "repository" : {"type": "git", "url": "git://github.com/documentcloud/underscore.git"},
  "main" : "underscore.js",
  "version" : "1.1.6"
}

(contents taken from https://docs.nodejitsu.com/articles/getting-started/npm/what-is-the-file-package-json/)

  1. run:

npm install minimist

Notice the “node_modules” directory is created and populated with a “minimist” directory

  1. run:

npm install xmlbuilder

Notice the “minimist” directory is removed from the “node_modules” directory, and the “xmlbuilder” directory is added instead

Details

The problem can be fixed by making the "dependencies " property in the package.json file an object, rather than an array.

Platform Info

$ npm --versions
{ rolapjs: '0.0.1',
  npm: '6.2.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.3',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }

$ node -p process.platform
win32


(Brian Olore) #2

Hi @rpbouman!

As you’ve discovered, according to the documentation, dependencies needs to be an object. The package.json you referenced is from a web page created back in 2011, so perhaps it’s just out of date?

While recreating this, I see that if the package.json has dependencies: [] (which I am not sure how that would happen), then using the --save option in npm install results in no change to the package.json file, and no error.

It seems like an error should be raised when it is supposed to write to package.json and doesn’t.

One possible solution would be to check the validity of package.json, which may resolve this bug as well.

EDIT: There is a basic “is it json?” check here, but nothing more https://github.com/npm/cli/blob/latest/lib/install.js#L683


(system) #3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.