npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm list - not finding all deduped instances

What I Wanted to Do

npm list minimatch - find all instances and deduped instance of “minimatch”.

What Happened Instead

$ npm list minimatch
├─┬ gulp-filter@5.1.0
│ └─┬ multimatch@2.1.0
│   └── minimatch@3.0.4 
├─┬ gulp-jscrambler@5.2.19
│ └─┬ jscrambler@5.2.19
│   └─┬ glob@7.1.3
│     └── minimatch@3.0.4  deduped
└─┬ vue@1.0.28
  └─┬ envify@3.4.1
    └─┬ jstransform@11.0.3
      └─┬ commoner@0.10.8
        └─┬ glob@5.0.15
          └── minimatch@3.0.4  deduped

Missing is (at least) the minimatch under glob-stream.

$ npm list glob-stream
└─┬ vinyl-fs@3.0.3
  └── glob-stream@6.1.0 

Installing only glob-stream reveals that minimatch is a transitive dependency.

$ npm list minimatch
└─┬ glob-stream@6.1.0
  └─┬ glob@7.1.3
    └── minimatch@3.0.4 

Reproduction Steps

Problematic package.json (dependencies only): https://gist.github.com/CodeMan99/143caa89d98a2fbcc3b9b9e138a27ef8

  1. npm install (development)
  2. npm list minimatch - note that glob-stream is not in the result
  3. npm list glob-stream - verify that glob-stream is installed

In another directory to prove that minimatch is transitive dependency.

  1. npm install glob-stream
  2. npm list minimatch - which should give the same output as the last example block above

Platform Info

$ npm --versions
{ packager: '4.2.7',
  npm: '6.5.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.33.0',
  node: '8.14.1',
  openssl: '1.0.2q',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.23.2',
  v8: '6.2.414.75',
  zlib: '1.2.11' }
$ node -p process.platform
linux
$ node -p "require('os').release()"
4.15.0-43-generic


I seem to reproduce with just npm i glob glob-stream too.


The glob-stream under vinyl-fs is using the global, already deduped glob which has it’s own copy of minimatch, I suppose. I don’t think npm ls displays deps of deduped deps.


That makes sense. Still a bit confusing. Is there some documentation around deduping? I am not finding any.


Only this: https://docs.npmjs.com/cli/dedupe


Then I suggest we make note of how npm list is expected to behave for deduped packages after the following sentence.

The tree shown is the logical dependency tree, based on package dependencies, not the physical layout of your node_modules folder.

Found here: https://docs.npmjs.com/cli/ls