package-lock.json not created when postinstall script fails


(Alex Ferrando) #1

Hello everyone.

I’m seeing some behaviour from npm cli that I haven’t encountered before / can’t find it in the docs and makes me wonder:

When running npm install with package-lock not present, in the case of a postinstall script failing, I’m seeing that package-lock.json is not generated.

Has anyone seen this / is this expected?

Repro: https://github.com/alferpal/calcifer/tree/f64263d060608a815cdb5b9cac91ea01b0f33e98

run npm run nuke

ζ node -v ; npm -v
v10.13.0
6.4.1

I’m seeing this both in linux and windows


(Lars Willighagen) #2

I don’t know if that’s intended or not, but yeah, saveDependencies (which calls saveShrinkwrap) is only called after runPostinstallTopLevelLifecycles (which runs the script):

This also has the consequence there’s no package-lock.json when the postinstall script is run. Normally I’d make a PR at this point, but:

  1. I don’t think I’m allowed supposed to move around the install steps yet, given the completely uncontained nature and all the side effects, and
  2. again, this may be intended behaviour (it’s been this way forever, looking through the git history).

Somewhat relevant GH issues:

  • 18798 suggests the workaround postshrinkwrap (although that seems a bit broken in some ways)
  • 17732 seems like a consequence

(Alex Ferrando) #3

Thank you very much for the detailed reply, Lars.

I’ll adjust my package.json scripts so that post install doesn’t fail and put the part that can fail in another script.

Thank you!


(system) #4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.