npm uninstall --no-save does not work with devDependencies

cli
help-wanted
priority:low
triaged

(baki) #1

What I Wanted to Do

Uninstall devDependency package from node_modules without modifing package.json

What Happened Instead

I get removed 1 package in 0.062s but the removed package is still inside node_modules.

Reproduction Steps

  • mkdir bug-no-save
  • npm init
  • npm install lodash --save-dev
  • npm uninstall lodash --no-save

Details

I have not tested this on latest version of npm but at the same time found no indication of this bug using google. --no-save works fine for regular dependencies. I have also tried to remove package-lock.json.
I need this command to optimize pipeline / server time, there are other easy workarounds but I still think this could use some attention :)

Platform Info

$ npm --versions
{ 'bug-no-save': '1.0.0',
  npm: '5.6.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.29.0',
  node: '8.11.2',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }

$ node -p process.platform
win32

$ node --version
v8.11.2

Thanks


(Rebecca Turner) #2

I can’t reproduce this with the current npm release, please update and see if this still happens for you. You’re on windows, so I encourage you to update with npx npm-windows-upgrade


(Lars Willighagen) #3

I can reproduce this on v6.4.0 (unless I made a mistake somewhere). I think, after installing foo with --no-save, running new installs removes foo, as is specified in the lock file. If uninstall triggers some install check, that might cause the lock file to be read again, re-adding the module.

$ npm init -y
Wrote to /.../006/package.json:

{
  "name": "006",
  "version": "1.0.0",
  "description": "https://npm.community/t/npm-uninstall-no-save-does-not-work-with-devdependencies/1039",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}


$ npm install lodash --save-dev
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN 006@1.0.0 No repository field.

+ lodash@4.17.10
added 1 package from 2 contributors and audited 1 package in 1.093s
found 0 vulnerabilities

$ ls node_modules/
lodash
$ more package.json | grep lodash
    "lodash": "^4.17.10"
$ npm uninstall --no-save lodash           
npm WARN 006@1.0.0 No repository field.

removed 1 package and audited 1 package in 1.034s
found 0 vulnerabilities

$ ls node_modules/
lodash
$ more package.json | grep lodash
    "lodash": "^4.17.10"
$ npm --versions
{ '006': '1.0.0',
  npm: '6.4.0',
  ares: '1.14.0',
  cldr: '32.0.1',
  http_parser: '2.8.1',
  icu: '60.2',
  modules: '57',
  napi: '3',
  nghttp2: '1.31.1',
  node: '8.11.2',
  openssl: '1.1.0h',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.22.0',
  v8: '6.2.414.54',
  zlib: '1.2.11' }
$ node -p process.platform
linux
$ node -v
v8.11.2

(Rebecca Turner) #4

Ah, ok, I gotcha, I’m not 100% sure why I wasn’t able to repro this previously:

  • npm i -D lodash && npm rm lodash removes the module successfully
  • npm i lodash && npm rm --no-save lodash removes the module from disk but not package.json
  • npm i -D lodash && npm rm --no-save lodash does not remove the module from anywhere
  • npm i -D lodash && npm rm --no-save -D lodash removes the module from both disk and package.json (because -D is short for --save-dev and it implies --save)

(system) #5

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.