npm version 5 broke local and global lifecycle hooks

This is a dupe/re-open of https://github.com/npm/npm/issues/18285

What I Wanted to Do

Wanted npm to execute postinstall script at $(npm -g prefix)/lib/node_modules/.hooks/postinstall

What Happened Instead

Install succeeded, but postinstall script wasn’t run as expected.

Reproduction Steps

  • Create a .hooks/postinstall file in $(npm -g prefix)/lib/node_modules/
  • npm install -g -verbose teenytest
  • The postinstall script is not executed

Details

It looks like https://github.com/npm/cli/commit/e0849878dd248de8988c2ef3fc941054625712ca introduced the bug and https://github.com/npm/npm-lifecycle/pull/13 fixed it.

This issue no longer exists on the latest version, so mainline npm is fine. My concern now is that version 5.10.0 is still marked as the current “lts” version of npm. However, the bug fix from 6.1.0 (or even just a revert of e084987) hasn’t been backported. If the LTS tag is soon to move off 5.x and over to 6.x, then this is a non-issue. But until that’s the case, the LTS version of npm isn’t running global hook scripts, which I consider a significant bug.

Platform Info

Broken versions of npm: 5.1.0 thru 6.0.1. (inclusive on both ends; 5.0.4 works fine, and 6.1.0-next.0 fixes the issue)

$ npm --versions
{ npm: '5.10.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.33.0',
  node: '8.15.0',
  openssl: '1.0.2q',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.23.2',
  v8: '6.2.414.75',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

We don’t intend to provide any further updates to the npm@5 line, but I know we haven’t updated the lts dist-tag. I’ve brought up the topic among our team and we’ll discuss what to do – officially, we haven’t had an actual LTS for a very long time, and the dist-tag staying on npm@5 was more out of neglect than intention.

I’m going to consider this ticket resolved because the bug is fixed in the latest version of npm, and we have no intention of patching npm@5 for a bug like this – we generally would only do that for big semver-major versions, depending on the needs of Node.js itself, and often for security-related issues.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.