You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
npm dedupe is used to bring common modules down the dependency tree. It should not do it so much that it breaks any dependency though.
When installing packages one-by-one (e.g. npm install <package-name> rather than npm i) that share common sub-dependencies but require different versions, running npm dedupe afterwards breaks some dependencies.
(these packages have many other dependencies but we are focusing on path-to-regexp here. It is my belief this is an issue with npm rather than any of these packages, it is just a combination that successfully recreates issue)
When
In the example repo, after running:
npm i
npm i tar-dep
npm dedupe
multiple dependency issue happen.
Skipping the explicit npm i tar-dep step prevents errors. Similarly prior to npm dedupe there are no detectable dependency issues.
Somehow breaking the install into several steps causes dedupe to screw up the dependency tree.
Current Behavior
See Why/When.
Running dedupe after explicit installs can break dependency tree, if there are sub dependencies that must be different versions.
Steps to Reproduce
# from working cli directory
git remote add jacob-dedupe [email protected]:JacobLey/cli.git
git pull jacob-dedupe dedupeExample
git co dedupeExample
cd ./dedupe-example
./dedupe.sh
After script has finished, inspect before-dedupe.txt and after-dedupe.txt for errors.
Expected Behavior
Assuming that all dependencies are already installed without error (before-dedupe.txt has no UNMET_DEPENDENCY errors), then npm dedupe should remove any "extraneous" packages, as well as pull packages down that do not cause a conflict.
npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.
If your bug is preproducible on v7, please re-file this issue using our new issue template.
If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo
What / Why
npm dedupe is used to bring common modules down the dependency tree. It should not do it so much that it breaks any dependency though.
When installing packages one-by-one (e.g.
npm install <package-name>
rather thannpm i
) that share common sub-dependencies but require different versions, running npm dedupe afterwards breaks some dependencies.The easiest way to show is by example. I have created a basic example package https://github.com/JacobLey/cli/tree/dedupeExample that is able to recreate errors.
The notable dependency tree looks like:
(these packages have many other dependencies but we are focusing on path-to-regexp here. It is my belief this is an issue with npm rather than any of these packages, it is just a combination that successfully recreates issue)
When
In the example repo, after running:
multiple dependency issue happen.
Skipping the explicit
npm i tar-dep
step prevents errors. Similarly prior tonpm dedupe
there are no detectable dependency issues.Where
Example repo: https://github.com/JacobLey/cli/tree/dedupeExample
Go to
dedupe-example
directoryHow
Somehow breaking the install into several steps causes dedupe to screw up the dependency tree.
Current Behavior
See Why/When.
Running dedupe after explicit installs can break dependency tree, if there are sub dependencies that must be different versions.
Steps to Reproduce
After script has finished, inspect
before-dedupe.txt
andafter-dedupe.txt
for errors.Expected Behavior
Assuming that all dependencies are already installed without error (
before-dedupe.txt
has no UNMET_DEPENDENCY errors), thennpm dedupe
should remove any "extraneous" packages, as well as pull packages down that do not cause a conflict.References
https://docs.npmjs.com/cli/dedupe
https://docs.npmjs.com/cli/install
The text was updated successfully, but these errors were encountered: