npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm pack (on npm@>=5.4) hangs with circular dependencies

What I Wanted to Do

I want to create a tarball of my package using npm pack. When I run npm pack in my package folder, I expect it to create a .tgz of my package.

What Happened Instead

npm@>=5.4 hangs up on npm pack when cucumber is in bundledDependencies , downgrading to npm@5.3 helps.

Reproduction Steps

Create a package.json file with cucumber in dependencies and cucumber in bundledDependencies:

  "name": "circular-dependencies-test",
  "version": "0.1.0",
  "dependencies": {
    "cucumber": "^4.2.1"
  "bundledDependencies": [

Run npm install. Then try to create a package using npm pack while using npm version 5.4 or higher.


The bug is in npm-bundled and someone has already proposed a fix (unit tests included) on 4 Jan 2018, but no response from the maintainer of npm-bundled so far. Find the pull request here:

Applying this fix solves the aforementioned issue.

Platform Info

$ npm --versions
{ 'circular-dependencies-test': '0.1.0',
  npm: '5.6.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.3',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }
$ node -p process.platform

Triage Notes: A PR was provided to fix this:

The maintainer of npm-bundled just merged the pull request and published a new version! :slightly_smiling_face: The bug should be fixed in npm-bundled@1.0.4. I guess the only thing left to do is update npm to use the new version?

npm will automatically fetch the latest version of npm-bundled if you do this:

rm -rf package-lock.json node_modules && npm install

Problem solved.