NPM unable to recognize itself as a peer dependency

cli
triaged

(Sam Moore) #1

What I Wanted to Do

Include npm in my projects peerDependencies to my application in order to specify a minimum version of NPM, rather than installing NPM into my devDependencies.

What Happened Instead

Upon running npm install inside of the given project, NPM claims that I do not have the matching dependency. See “Details” below for example output.

Reproduction Steps

  1. [sudo] npm install -g npm@6.4.1 (alternatively, I assume replacing the version specified in step 4 with your current version produces similar results)
  2. mkdir abc-xyz/ && pushd abc-xyz/
  3. npm init .
  4. Add the following to your package.json object (following valid JSON):
"peerDependencies": { "npm": "^6.4.1" }
  1. Run npm install

Details

$ npm install
    # ... content removed for brevity
npm WARN abc-xyz@0.5.1 requires a peer of npm@^6.4.1 but none is installed. You must install peer dependencies yourself.
    # ... content removed for brevity
$ npm -v
6.4.1

Platform Info

$ npm --versions
{ npm: '6.4.1',
  ares: '1.10.1-DEV',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.12.0',
  openssl: '1.0.2p',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.19.2',
  v8: '6.2.414.66',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

(Lars Willighagen) #2

Assuming you actually want to require the npm package, this is expected behaviour. npm only looks ate locally installed packages when determining the requirements of peer dependencies. This makes sense, because depending on your NODE_PATH you can’t actually require global packages.

If installing/otherwise interacting with your package only works with certain versions of npm, you can set a minimal version instead in the engines field:

You can also use the “engines” field to specify which versions of npm are capable of properly installing your program. For example:

{ "engines" : { "npm" : "~1.0.20" } }

Unless the user has set the engine-strict config flag, this field is advisory only and will only produce warnings when your package is installed as a dependency.