Wrong dependency version installed 2 Levels Deep with git urls

[dehru]

Hello,

I am trying to reference dependencies in github with urls and I need specific versions by tag. I have found out that the second level of dependencies ( my dependencies dependencies ) are not obeying the version on the git url. However, npm registered packages do ( like underscore ). I've created this simple example to prove I'm not insane. You can clone this repo at https://github.com/dehru/earth

earth@0.0.0 /Users/cromed/temp/npm/earth
├─┬ cat@0.0.0
│ ├─┬ air@0.0.2
│ │ ├─┬ elements@0.0.2
│ │ │ └── underscore@1.0.3
│ │ └── underscore@1.8.3
│ ├── underscore@1.8.2
│ └─┬ water@0.0.1
│   ├─┬ elements@0.0.2
│   │ └── underscore@1.0.3
│   └── underscore@1.6.0
├─┬ dog@0.0.0
│ ├─┬ air@0.0.2
│ │ ├─┬ elements@0.0.2
│ │ │ └── underscore@1.0.3
│ │ └── underscore@1.8.3
│ ├── underscore@1.8.1
│ └─┬ water@0.0.1
│   ├─┬ elements@0.0.2
│   │ └── underscore@1.0.3
│   └── underscore@1.6.0
├── elements@0.0.3
└── underscore@1.0.3

The cat and dog dependencies of earth have dependencies on air, but different versions of air. Cat specifically depends on air@0.1.0.

"air": "git+https://github.com/dehru/air.git#0.1.0",

Dog specifically depends on air@0.0.2

"air": "git+https://github.com/dehru/air.git#0.0.2",

But npm installed air@0.0.2 into both submodules as you can see above

My npm version is 2.8.3
I've also tested with npm version 2.7.5

This is disastrous when these submodules apis change. Please advise.

[lukas-zech-software]

We are experiencing the same issue

During one run of npm install only one version of a dependency defined via github url is installed in all modules, no matter what version the individual package.json's of these modules define.

If npm install is called inside the submodule folders, the correct versions for each module are installed

[dehru]

In order to fix this, we've had to install sinopia ( https://github.com/rlidwka/sinopia ) and begun publishing versions there ( since we aren't allowed to publish this code to the npm registry, even as a private module ). This is some added overhead, but has solved the issue. With the added support for "scopes" with npm, the solution is kinda nice.

package.json

  "publishConfig": {
    "scope": "@myproject",
    "registry": "http://yoursinopiainstance.com"
  },

[Crispy1975]

Same for us, only way to resolve dependencies is to navigate to the sub-folders and run npm install from there. Were using npm version 2.11.1.

[npm-robot]

We're closing this issue as it has gone thirty days without activity. In our experience if an issue has gone thirty days without any activity then it's unlikely to be addressed. In the case of bug reports, often the underlying issue will be addressed but finding related issues is quite difficult and often incomplete.

If this was a bug report and it is still relevant then we encourage you to open it again as a new issue. If this was a feature request then you should feel free to open it again, or even better open a PR.

For more information about our new issue aging policies and why we've instituted them please see our blog post.