NPM is installing non declared root dependencies

cli
triaged
priority:medium

(Ole Ersoy) #1

What I Wanted to Do

I documented the issue here:

component-navbox depends on utilities-colors which depends on variables-colors.

NPM installs an old version of variables-colors in the root node_modules directory, and utilities-colors uses this module instead of the newer one that is also installed under utilities-colors/node_modules.

This leads to the runtime being incorrect.

What Happened Instead

Instead of the dependency utilities-colors/node_modules/variables-colors being used, the root dependency that NPM installed that is outdated is used.

Reproduction Steps

git clone git@github.com:superflycss/component-navbox.git

cd component-navbox
npm i

Note that @superflycss/variables-colors shows up in the root node_modules folder. However it’s an old version (3.0.4) and the current version that @superflycss/utilities-colors needs is 3.0.18. This version is also installed in the @superflycss/utilities-colors node_modules folder, however the 3.0.4 version overrides it, because it is higher up in the dependency directory tree.

Platform Info

{ '@superflycss/component-navbox': '1.0.6',
  npm: '6.7.0',
  ares: '1.14.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '67',
  napi: '3',
  nghttp2: '1.34.0',
  node: '11.0.0',
  openssl: '1.1.0i \n',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '7.0.276.28-node.5',
  zlib: '1.2.11' }

<!-- paste output here -->
$ node -p process.platform
linux

The node version is 11.0.0

How to get feedback on bug report?
(Lars Willighagen) #2

I believe the old version is because the packages you’re installing have the old versions specified in their package-lock.json, while utilities-colors has a new version. I’ll try to confirm though.

The reason that there’s one in the top node_modules is because of hoisting, but that shouldn’t cause any problems. What runtime error is this causing?


(Ole Ersoy) #3

OK - Awesome it’s fixed now. I removed package-lock.json and removed node modules and reinstalled everything, and now the correct versions are there.

I thought I did that before as well, but perhaps I forgot to remove package-lock.json.

What was happening was that the root variables-colors with the old version content was being used by utilities-colors and that caused postcss compiler warnings.

Thanks again for heads up!