Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] npm dedupe breaks dependencies with individual installs #1548

Closed
JacobLey opened this issue Jul 21, 2020 · 1 comment
Closed

[BUG] npm dedupe breaks dependencies with individual installs #1548

JacobLey opened this issue Jul 21, 2020 · 1 comment
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release

Comments

@JacobLey
Copy link

What / Why

npm dedupe is used to bring common modules down the dependency tree. It should not do it so much that it breaks any dependency though.

When installing packages one-by-one (e.g. npm install <package-name> rather than npm i) that share common sub-dependencies but require different versions, running npm dedupe afterwards breaks some dependencies.

The easiest way to show is by example. I have created a basic example package https://github.com/JacobLey/cli/tree/dedupeExample that is able to recreate errors.

The notable dependency tree looks like:

 dedup-example
├─┬ [email protected]
│ └── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]

(these packages have many other dependencies but we are focusing on path-to-regexp here. It is my belief this is an issue with npm rather than any of these packages, it is just a combination that successfully recreates issue)

When

In the example repo, after running:

npm i
npm i tar-dep
npm dedupe

multiple dependency issue happen.

Skipping the explicit npm i tar-dep step prevents errors. Similarly prior to npm dedupe there are no detectable dependency issues.

Where

Example repo: https://github.com/JacobLey/cli/tree/dedupeExample
Go to dedupe-example directory

node --version -> v12.16.3
npm --version -> 6.14.5

How

Somehow breaking the install into several steps causes dedupe to screw up the dependency tree.

Current Behavior

See Why/When.
Running dedupe after explicit installs can break dependency tree, if there are sub dependencies that must be different versions.

Steps to Reproduce

# from working cli directory
git remote add jacob-dedupe [email protected]:JacobLey/cli.git
git pull jacob-dedupe dedupeExample
git co dedupeExample
cd ./dedupe-example
./dedupe.sh

After script has finished, inspect before-dedupe.txt and after-dedupe.txt for errors.

Expected Behavior

Assuming that all dependencies are already installed without error (before-dedupe.txt has no UNMET_DEPENDENCY errors), then npm dedupe should remove any "extraneous" packages, as well as pull packages down that do not cause a conflict.

References

https://docs.npmjs.com/cli/dedupe
https://docs.npmjs.com/cli/install

@darcyclarke darcyclarke added Release 6.x work is associated with a specific npm 6 release Bug thing that needs fixing labels Oct 30, 2020
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release
Projects
None yet
Development

No branches or pull requests

2 participants