Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] npm ls --long --json does not show license of dependencies #3634

Closed
1 task done
timhaines opened this issue Aug 8, 2021 · 3 comments
Closed
1 task done

[BUG] npm ls --long --json does not show license of dependencies #3634

timhaines opened this issue Aug 8, 2021 · 3 comments
Assignees
@lukekarrys
Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 8.x work is associated with a specific npm 8 release

Comments

@timhaines
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Running npm ls --long --json does not show the license field in dependencies, if npmv7 was used to install the packages.

npm ls --long --json does show the license field in dependencies if npmv6 was used to install the packages, even when npmv7 is used to run the ls command.

Expected Behavior

Expect to see the license field in the output for dependencies when npm ls --long --json is run.

Steps To Reproduce

  1. Run npm i with npm v7
  2. Run npm ls --long --json with npm v7
  3. Observe licenses field is missing for dependencies.

To observe better behaviour,

  1. Run npm i with npm v6
  2. Run npm ls --long --json with npm v7 (or v6)
  3. Observe licenses field is present for dependencies.

Environment

  • OS: macos
  • Node: v16.5.0
  • npm: 7.20.5
@timhaines timhaines added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Aug 8, 2021
@timhaines
Copy link
Author

If I delete the node_modules/.package-lock.json file, the licenses appear in the npm ls output as expected.

Paraphrasing friendly notes from someone else who knows about this:

The minified packument objects being served by the registry don't include the license fields.
npm 7 assumes that the lockfile it generates is complete, so it doesn't re-check the data against the package.json files or registry manifests, since it's better performance to just not do that.
As the data from the registry doesn't include the licenses field, then the data in the .package-lock.json is incomplete.
```.

@ljharb
Copy link
Contributor

ljharb commented Aug 9, 2021

Seems like the simple solution is to include license data in the hidden lockfile?

@nlf nlf added Release 8.x work is associated with a specific npm 8 release Priority 2 secondary priority issue and removed Release 7.x work is associated with a specific npm 7 release Needs Triage needs review for next steps labels Apr 27, 2022
@lukekarrys lukekarrys self-assigned this May 11, 2024
@lukekarrys
Copy link
Contributor

In #7475 the behavior was fixed so license will now be stored in (hidden) lockfiles. That makes npm ls --long --json work to show the license field again.

This fix will be included in npm@10.8.0. Once that is released you will need to rebuild your lockfiles and then npm ls should contain licenses again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukekarrys lukekarrys

Labels
Bug thing that needs fixing Priority 2 secondary priority issue Release 8.x work is associated with a specific npm 8 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@timhaines @ljharb @nlf @lukekarrys