package-lock.json incorrect for optional github dependencies

What I Wanted to Do

Install an optional github dependency and then install it using npm ci

What Happened Instead

npm WARN prepare removing existing node_modules/ before installation
npm ERR! code E404
npm ERR! 404 Not Found: optional-dep@1.0.0

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/gurpreet/.npm/_logs/2019-01-17T19_00_59_839Z-debug.log

Reproduction Steps

npm init
npm i github:gurpreetatwal/optional-dep --save-optional
npm ci

OR

clone this gist: https://gist.github.com/gurpreetatwal/bc3a6b9a142a76de98de18469261aa05

Details

This is caused by the fact that npm install outputs the version number instead of the git commit hash for optional github dependencies. Notice the difference between that package being installed as a normal, dev and optional dependency

Normal

{
  "dependencies": {
    "optional-dep": {
      "version": "github:gurpreetatwal/optional-dep#7a990fa0d1c3799800e0af1826124b8a25b9f0ac",
      "from": "github:gurpreetatwal/optional-dep"
    }
  }
}

Dev

{
  "dependencies": {
    "optional-dep": {
      "version": "github:gurpreetatwal/optional-dep#7a990fa0d1c3799800e0af1826124b8a25b9f0ac",
      "from": "github:gurpreetatwal/optional-dep",
      "dev": true
    }
  }
}

Optional

{
  "dependencies": {
    "optional-dep": {
      "version": "1.0.0",
      "resolved": "github:gurpreetatwal/optional-dep#7a990fa0d1c3799800e0af1826124b8a25b9f0ac",
      "optional": true
    }
  }
}

Notice how in the optional install, the exact version number is written as opposed to the git commit hash

npm-logs

npm ci failing (6.8 KB)

Platform Info

$ npm --versions
{ 'optional-dep-testing': '1.0.0',
  npm: '6.5.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.0',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.45',
  zlib: '1.2.11' }

$ node -p process.platform
linux

Looks like a duplicate of

2 Likes

Oh oops, I tried searching before I created the issue but did not come across that issue. I think I’ve marked this resolved? Not really sure how to use this forum hahah

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.