npm list <pkg> - not finding all deduped instances

What I Wanted to Do

npm list minimatch - find all instances and deduped instance of β€œminimatch”.

What Happened Instead

$ npm list minimatch
β”œβ”€β”¬ gulp-filter@5.1.0
β”‚ └─┬ multimatch@2.1.0
β”‚   └── minimatch@3.0.4 
β”œβ”€β”¬ gulp-jscrambler@5.2.19
β”‚ └─┬ jscrambler@5.2.19
β”‚   └─┬ glob@7.1.3
β”‚     └── minimatch@3.0.4  deduped
└─┬ vue@1.0.28
  └─┬ envify@3.4.1
    └─┬ jstransform@11.0.3
      └─┬ commoner@0.10.8
        └─┬ glob@5.0.15
          └── minimatch@3.0.4  deduped

Missing is (at least) the minimatch under glob-stream.

$ npm list glob-stream
└─┬ vinyl-fs@3.0.3
  └── glob-stream@6.1.0 

Installing only glob-stream reveals that minimatch is a transitive dependency.

$ npm list minimatch
└─┬ glob-stream@6.1.0
  └─┬ glob@7.1.3
    └── minimatch@3.0.4 

Reproduction Steps

Problematic package.json (dependencies only): https://gist.github.com/CodeMan99/143caa89d98a2fbcc3b9b9e138a27ef8

  1. npm install (development)
  2. npm list minimatch - note that glob-stream is not in the result
  3. npm list glob-stream - verify that glob-stream is installed

In another directory to prove that minimatch is transitive dependency.

  1. npm install glob-stream
  2. npm list minimatch - which should give the same output as the last example block above

Platform Info

$ npm --versions
{ packager: '4.2.7',
  npm: '6.5.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.33.0',
  node: '8.14.1',
  openssl: '1.0.2q',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.23.2',
  v8: '6.2.414.75',
  zlib: '1.2.11' }
$ node -p process.platform
linux
$ node -p "require('os').release()"
4.15.0-43-generic

I seem to reproduce with just npm i glob glob-stream too.


The glob-stream under vinyl-fs is using the global, already deduped glob which has it’s own copy of minimatch, I suppose. I don’t think npm ls displays deps of deduped deps.

1 Like

That makes sense. Still a bit confusing. Is there some documentation around deduping? I am not finding any.

Only this: https://docs.npmjs.com/cli/dedupe

1 Like

Then I suggest we make note of how npm list is expected to behave for deduped packages after the following sentence.

The tree shown is the logical dependency tree, based on package dependencies, not the physical layout of your node_modules folder.

Found here: https://docs.npmjs.com/cli/ls

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.