Intentionally malformed package.json causing build errors with meteor

[DavidShefcik]

I saw this was talked about in #265 but I am in a situation where I can not ignore node modules. I am using meteor.js for my project and one of my dependencies is using this package, but when meteor starts it sees the malformed package.json and crashes on start. I am not able to make it ignore node modules.

When I run meteor to start my application I get this error. After some digging it was caused by node_modules/resolve/test/resolver/malformed_package_json/package.json being invalid

=> Started proxy.
/Users/username/.meteor/packages/meteor-tool/.2.3.4.17nyv2i.8atx++os.osx.x86_64+web.browser+web.browser.legacy+web.cordova/mt-os.osx.x86_64/dev_bundle/lib/node_modules/meteor-promise/promise_server.js:218
      throw error;
      ^

SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)

When I look at the package.json causing this it contains this.

{

I know it was this package causing it because when I fixed that package.json my application loaded fine. I think the fix would be not including files not needed by the built package in the npm package. It currently includes things that should not be bundled like .github, example, and test

[ljharb]

Has a bug been filed on meteor? Anything that interacts with third-party code can’t ever make any assumptions about it, including that it’s valid json.

The tests are intentionally included; npm explore foo && npm install && npm test should always work.

[DavidShefcik]

I'll file one with Meteor and see what they say but I don't see why the end developer needs the repo files including the tests in the package. Most of the packages I've seen exclude them because there really is no need for the developer to run unit tests on an installed package. If a dev wants to do that they usually should pull the repo itself

[ljharb]

I don’t want to have to have an internet connection to run a dep’s tests.

Either way, that debate isn’t going to solve anything here.

i don’t understand why meteor is processing files that aren’t used by your code - does it read the readme as well, and the eslint config?

[DavidShefcik]

Meteor tries to process the package.json files in the node_modules to determine any extra things it needs to install. This is because it marks dependencies that have either preinstall, install, or postinstall scripts as not portable so it knows it has to reinstall them when the architecture the app is running on changes - https://github.com/meteor/meteor/blob/release-2.3.4/tools/isobuild/meteor-npm.js#L515.

When they parse the JSON they specify what to do in case it is malformed (https://github.com/meteor/meteor/blob/release-2.3.4/tools/fs/optimistic.ts#L321) but that does not seem to be functioning properly so I opened an issue with Meteor - meteor/meteor#11839.

I'll close this issue seeing as this is a Meteor thing.