npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

NPM will skip over transitive dependencies that point to non-github URLs.

(This is related to my Stack Overflow question/answer)

What I Wanted to Do

I wanted to install a dependency A which depended on B, and B pointed to an arbitrary git URL

"B": "git+https://username:password@giturl.com/username/B"

In a new project C, I installed A expecting B to be installed as a transitive dependency.

What Happened Instead

Instead B was no where to be found. I looked through C's package.json and package-lock.json and could not find a trace of B (although A's other dependencies were there)

Also I tested this bug with a repo on github.com, and this problem does not occur. It only happens with custom git URLs.

Reproduction Steps

  1. Create a package A that depends on B, which points to a non-github git URL.
  2. Install A in a new project C
  3. B is missing.

Details

I was able to work around this issue by using either the --global-style or --legacy-bundling flag which leads me to believe the problem lies in deduping. From your docs:

The --global-style argument will cause npm to install the package into your local node_modules folder with the same layout it uses with the global node_modules folder. Only your direct dependencies will show in node_modules and everything they depend on will be flattened in their node_modules folders. This obviously will eliminate some deduping.

Platform Info

$ npm --versions

{ app4: '1.0.0',
  npm: '6.10.1',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '35.1',
  http_parser: '2.8.0',
  icu: '64.2',
  modules: '64',
  napi: '4',
  nghttp2: '1.34.0',
  node: '10.16.0',
  openssl: '1.1.1b',
  tz: '2019a',
  unicode: '12.1',
  uv: '1.28.0',
  v8: '6.8.275.32-node.52',
  zlib: '1.2.11' }

$ node -p process.platform

darwin