Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[BUG] npm install --no-save removes other dependencies #1460

Closed
vanpana opened this issue Jun 25, 2020 · 4 comments
Closed

[BUG] npm install --no-save removes other dependencies #1460

vanpana opened this issue Jun 25, 2020 · 4 comments
Labels
Bug thing that needs fixing

Comments

@vanpana
Copy link

vanpana commented Jun 25, 2020

What / Why

Installing npm dependencies with the --no-save flag will remove other dependencies that were installed in the same manner.

When

Always.

Where

  • npm public registry

How

Current Behavior

Installing npm dependencies with the --no-save flag will remove other dependencies that were installed in the same manner.

Steps to Reproduce

  1. Init a folder with a package.json
  2. Run npm install {package1} --no-save. (replace package1 with whatever you want)
  3. Check node_modules for {package1}, you'll find it.
  4. Run npm install {package2} --no-save. (replace package2 with whatever you want)
  5. Check node_modules for {package2}, you'll find it.
  6. Check node_modules for {package1}, you WON'T find it.

Expected Behavior

Both packages should exist in node_modules
@jonchurch
Copy link

jonchurch commented Jun 25, 2020
edited
Loading

I'm not sure this is a bug. Dependency resolution relies heavily on package.json as the source of truth. According to the docs, npm will merge the dep tree from node_modules (during an install) with what is described by package.json, and add, move, or remove deps as necessary. It's not documented specifically, but I assume that what's happening is the package.json's dep tree takes precedence over what is described by node_modules (which is by design).

What usecase do you have for installing with --no-save? Without the deps being listed in package.json, it's impossible to have a reproducible build. If you're interested in installing deps that aren't deployed, use devDependencies and --save-dev to keep them out of your production build.

@ljharb
Copy link
Contributor

ljharb commented Jun 25, 2020

I think the auto-pruning behavior is very bad UX, but it's not a bug when that feature is enabled.

@vanpana
Copy link
Author

vanpana commented Jun 26, 2020

I'm not sure this is a bug. Dependency resolution relies heavily on package.json as the source of truth. According to the docs, npm will merge the dep tree from node_modules (during an install) with what is described by package.json, and add, move, or remove deps as necessary. It's not documented specifically, but I assume that what's happening is the package.json's dep tree takes precedence over what is described by node_modules (which is by design).

What usecase do you have for installing with --no-save? Without the deps being listed in package.json, it's impossible to have a reproducible build. If you're interested in installing deps that aren't deployed, use devDependencies and --save-dev to keep them out of your production build.

I have some dependencies that take a lot of time to be installed and not all of the devs on the project need them. So I just want to install them when the script that requires them is being called, but without having to persist them into the package.json.

@darcyclarke darcyclarke added the Bug thing that needs fixing label Oct 30, 2020
davidnussio added a commit to davidnussio/terminal-playground that referenced this issue Mar 15, 2021
@davidnussio
Workaround multiple deps npm/cli#1460
db5258e
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is reproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

kirrg001 pushed a commit to instana/nodejs that referenced this issue Mar 23, 2022
test: rewrite elastic modern test suite
398ddf8 
no issue

- it looks like `npm install --no-save` removes dependencies
  - might ref npm/cli#1460
- install multiple es versions in package.json
kirrg001 pushed a commit to instana/nodejs that referenced this issue Mar 24, 2022
test: removed --no-save from kafka-avro installation
3e329a0 
no issue

- prevention against npm/cli#1460
basti1302 pushed a commit to instana/nodejs that referenced this issue Mar 24, 2022
@basti1302
test: rewrite elastic modern test suite
cf915e5 
no issue

- it looks like `npm install --no-save` removes dependencies
  - might ref npm/cli#1460
- install multiple es versions in package.json
basti1302 pushed a commit to instana/nodejs that referenced this issue Mar 24, 2022
@basti1302
test: removed --no-save from kafka-avro installation
d4238d1 
no issue

- prevention against npm/cli#1460
@snyk-io snyk-io bot mentioned this issue Oct 23, 2024
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ljharb @darcyclarke @jonchurch @vanpana