[BUG] NPM Install includes transitive devDependencies for file: dependencies. #492

Closed
MicahZoltu opened this issue Nov 18, 2019 · 3 comments
Labels
Bug thing that needs fixing

Comments

@MicahZoltu

What / Why

If you have a file reference dependency like { "dependencies": { "a": "file:../a" } }, when you npm install, the transitive devDependencies of the package will be installed and added to your package-lock.json.

When

When you include a dependency as a file reference when it has a transitive devDependency.

Where

NPM CLI

How

Current Behavior

<root>/b/package-lock.json will look like:

{
	"requires": true,
	"lockfileVersion": 1,
	"dependencies": {
		"a": {
			"version": "file:../a",
			"dependencies": {
				"typescript": {
					"version": "3.7.2",
					"resolved": "https://registry.npmjs.org/typescript/-/typescript-3.7.2.tgz",
					"integrity": "sha512-ml7V7JfiN2Xwvcer+XAf2csGO1bPBdRbFCkYBczNZggrBZ9c7G3riSUeJmqEU5uOtXNPMhE3n+R4FA/3YOAWOQ=="
				}
			}
		}
	}
}

Steps to Reproduce

<root>/a/package.json

{
	"devDependencies": {
		"typescript": "3.7.2"
	}
}

<root>/b/package.json

{
	"dependencies": {
		"a": "file:../a"
	}
}

cd a
npm install
cd ../b
npm install

Expected Behavior

<root>/b/package-lock.json should look like this:

{
	"requires": true,
	"lockfileVersion": 1,
	"dependencies": {
		"a": {
			"version": "file:../a",
			"dependencies": {}
		}
	}
}

Who

  • n/a

References

  • n/a

@kostia1st

This behavior seems to lead to 2 instances of React (of different versions) in my app.

Is there any known way to work around this?

@romovs

romovs commented Aug 22, 2020

It also breaks npm ls --prod=true since the transitive dev dependencies are not marked as dev and npm ls starts complaining about extraneous packages.

npm v6.14.5
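
Added example, not part of the thread and not npm's own code: a Node.js check for the behavior reported above. It walks a lockfileVersion 1 package-lock.json and flags packages nested under a file: dependency that the linked package lists only in devDependencies, and reports whether the entry carries dev: true. The function name findLeakedDevDeps, the manifests map and the abridged sample objects are assumptions of this sketch.

```javascript
// `lock` is a parsed package-lock.json (lockfileVersion 1).
// `manifests` maps each file: spec to the linked package's parsed package.json
// (assumption: the caller has already read those files from disk).
function findLeakedDevDeps(lock, manifests) {
  const findings = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    if (typeof entry.version !== 'string' || !entry.version.startsWith('file:')) continue;
    const manifest = manifests[entry.version];
    if (!manifest) {
      // Without the linked manifest the nested entries cannot be classified.
      findings.push({ parent: name, problem: 'manifest-missing' });
      continue;
    }
    const runtime = new Set([
      ...Object.keys(manifest.dependencies || {}),
      ...Object.keys(manifest.optionalDependencies || {}),
    ]);
    // Names the linked package needs only at development time.
    const devOnly = Object.keys(manifest.devDependencies || {}).filter((d) => !runtime.has(d));
    for (const dep of devOnly) {
      const nested = (entry.dependencies || {})[dep];
      if (!nested) continue; // not locked under the link: the expected behavior
      findings.push({
        parent: name,
        problem: 'dev-dependency-locked',
        package: dep,
        version: nested.version,
        markedDev: nested.dev === true, // false means npm ls --prod sees it as extraneous
      });
    }
  }
  return findings;
}

// Constructed sample input, abridged from the issue's reproduction
// (resolved and integrity fields omitted).
const observedLock = {
  requires: true, lockfileVersion: 1,
  dependencies: { a: { version: 'file:../a', dependencies: { typescript: { version: '3.7.2' } } } },
};
const expectedLock = {
  requires: true, lockfileVersion: 1,
  dependencies: { a: { version: 'file:../a', dependencies: {} } },
};
const manifests = { 'file:../a': { devDependencies: { typescript: '3.7.2' } } };

console.log(findLeakedDevDeps(observedLock, manifests));
console.log(findLeakedDevDeps(expectedLock, manifests));
```

The check covers only direct devDependencies of the linked package, nested where the issue shows them; packages pulled in by those devDependencies are not classified.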

@darcyclarke
Contributor

npm v6 is no longer in active development; we will continue to push security releases to v6 at our team's discretion as per our Support Policy.

If your bug is reproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo.

Closing: This is an automated message.
