Skip to content

[BUG] npm i always pretends it "added 4 packages" #1813

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
targos opened this issue Sep 16, 2020 · 4 comments
Closed

[BUG] npm i always pretends it "added 4 packages" #1813

targos opened this issue Sep 16, 2020 · 4 comments
Assignees
@ruyadorno
Labels
Bug thing that needs fixing Release 7.x work is associated with a specific npm 7 release
Milestone
OSS - Sprint 16

Comments

@targos
Copy link
Contributor

targos commented Sep 16, 2020

Current Behavior:

With the provided reproduction steps, everytime npm i is executed, the output is:

added 4 packages, and audited 1729 packages in 2s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Expected Behavior:

Since the dependencies were previously installed with npm ci, npm i should be a no-op.

Steps To Reproduce:

See https://github.com/targos/npm7-cra#issue-3-npm-i-always-pretends-it-added-4-packages

Environment:

  • OS: CentOS 8, Windows 10
  • Node: 14.11.0
  • npm: 7.0.0-beta.11
@targos targos added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Sep 16, 2020
@isaacs
Copy link
Contributor

isaacs commented Sep 16, 2020

Do you still see this with the latest v7 release? I can't reproduce this one.

@targos
Copy link
Contributor Author

targos commented Sep 17, 2020

I see this with v7.0.0-beta.11. Is there a more recent version?

Full output of the repro:

# in ~/git/targos/npm7-cra on git:main o [16:18:21] 
$ git clean -fdx
Removing node_modules/

# in ~/git/targos/npm7-cra on git:main o [16:18:26] 
$ npm ci
npm WARN Error: Unsupported engine 
npm WARN deprecated @types/testing-library__dom@7.5.0: This is a stub types definition. testing-library__dom provides its own type definitions, so you do not need this installed.
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated @hapi/address@2.1.4: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: joi is leaving the @hapi organization and moving back to 'joi' (https://github.com/sideway/joi/issues/2411)
npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

added 1733 packages, and audited 1729 packages in 6s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

# in ~/git/targos/npm7-cra on git:main x [16:18:38] 
$ npm i

added 4 packages, and audited 1729 packages in 2s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

@ruyadorno
Copy link
Contributor

ah, it has to do with optional dependencies @isaacs, easy to reproduce with --no-optional:

ruyadorno@14.10.1 ~/tmp/test-cra-01 npm i --no-optional
npm WARN deprecated @types/testing-library__dom@7.5.0: This is a stub types definition. testing-library__dom provides its own type definitions, so you do not need this installed.
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated @hapi/address@2.1.4: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: joi is leaving the @hapi organization and moving back to 'joi' (https://github.com/sideway/joi/issues/2411)
npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

added 1995 packages, and audited 1901 packages in 34s

68 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
ruyadorno@14.10.1 ~/tmp/test-cra-01 npm i --no-optional

added 94 packages, and audited 1901 packages in 2s

68 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

@ruyadorno ruyadorno added beta and removed Needs Triage needs review for next steps labels Sep 17, 2020
@ruyadorno ruyadorno added this to the OSS - Sprint 15 milestone Sep 18, 2020
@ruyadorno ruyadorno self-assigned this Sep 18, 2020
ruyadorno added a commit to npm/arborist that referenced this issue Sep 18, 2020
@ruyadorno
fix: should not count omit deps in diff
bece889 
When using `omit: 'optional'` option the reify diff should not count
optional deps into its diff tree.

Fix: npm/cli#1813
@ruyadorno ruyadorno mentioned this issue Sep 18, 2020
Closed
ruyadorno added a commit to ruyadorno/cli that referenced this issue Sep 25, 2020
@ruyadorno
fix: added count on reify-output
06d64dc 
The added count on lib/utils/reify-output.js only looks up resulting
keys from arb.diff and does not take into account the fact that some of
these pkgs signaled as diff=ADD might in fact not have been installed,
most common scenario are optional deps that could have failed their
install in a given system or opt-out from configs.

This fixes the counting number by looking up at arb.inventory and
confirming it has the node that has been marked as added on diff result.

Fix: npm#1813
@ruyadorno ruyadorno mentioned this issue Sep 25, 2020
Closed
nlf pushed a commit that referenced this issue Sep 29, 2020
@ruyadorno @nlf
fix: added count on reify-output
3cc88d6 
The added count on lib/utils/reify-output.js only looks up resulting
keys from arb.diff and does not take into account the fact that some of
these pkgs signaled as diff=ADD might in fact not have been installed,
most common scenario are optional deps that could have failed their
install in a given system or opt-out from configs.

This fixes the counting number by looking up at arb.inventory and
confirming it has the node that has been marked as added on diff result.

Fix: #1813

PR-URL: #1858
Credit: @ruyadorno
Close: #1858
Reviewed-by: @nlf
nlf pushed a commit that referenced this issue Sep 29, 2020
@ruyadorno @nlf
fix: added count on reify-output
2715220 
The added count on lib/utils/reify-output.js only looks up resulting
keys from arb.diff and does not take into account the fact that some of
these pkgs signaled as diff=ADD might in fact not have been installed,
most common scenario are optional deps that could have failed their
install in a given system or opt-out from configs.

This fixes the counting number by looking up at arb.inventory and
confirming it has the node that has been marked as added on diff result.

Fix: #1813

PR-URL: #1858
Credit: @ruyadorno
Close: #1858
Reviewed-by: @nlf
@ruyadorno
Copy link
Contributor

Hi @targos thanks for reporting this one! 😄 It should now be fixed in latest beta release: v7.0.0-beta.13

Let us know in case you find more issues, these were super helpful 😊 Thanks again!

@Omrisnyk Omrisnyk mentioned this issue Nov 27, 2023
Open
@Omrisnyk Omrisnyk mentioned this issue Dec 20, 2023
Open
@Omrisnyk Omrisnyk mentioned this issue Feb 12, 2024
Open
@Omrisnyk Omrisnyk mentioned this issue Mar 22, 2024
Open
@Omrisnyk Omrisnyk mentioned this issue May 29, 2024
Open
@Omrisnyk Omrisnyk mentioned this issue Nov 7, 2024
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@ruyadorno ruyadorno

Labels
Bug thing that needs fixing Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
OSS - Sprint 16
Development

Successfully merging a pull request may close this issue.

fix: should not count omitted optional deps in diff npm/arborist
4 participants
@isaacs @ruyadorno @darcyclarke @targos