[BUG] NPM Install includes transitive devDependencies for file: dependencies. #492

Closed
MicahZoltu opened this issue Nov 18, 2019 · 3 comments
Labels
Bug thing that needs fixing

Comments

@MicahZoltu

What / Why

If you have a file reference dependency like { "dependencies": { "a": "file:../a" } }, when you npm install, the transitive devDependencies of the package will be installed and added to your package-lock.json.

When

When you include a dependency as a file reference when it has a transitive devDependency.

Where

NPM CLI

How

Current Behavior

<root>/b/package-lock.json will look like:

{
	"requires": true,
	"lockfileVersion": 1,
	"dependencies": {
		"a": {
			"version": "file:../a",
			"dependencies": {
				"typescript": {
					"version": "3.7.2",
					"resolved": "https://registry.npmjs.org/typescript/-/typescript-3.7.2.tgz",
					"integrity": "sha512-ml7V7JfiN2Xwvcer+XAf2csGO1bPBdRbFCkYBczNZggrBZ9c7G3riSUeJmqEU5uOtXNPMhE3n+R4FA/3YOAWOQ=="
				}
			}
		}
	}
}

Steps to Reproduce

<root>/a/package.json

{
	"devDependencies": {
		"typescript": "3.7.2"
	}
}

<root>/b/package.json

{
	"dependencies": {
		"a": "file:../a"
	}
}

cd a
npm install
cd ../b
npm install

Expected Behavior

<root>/b/package-lock.json should look like this:

{
	"requires": true,
	"lockfileVersion": 1,
	"dependencies": {
		"a": {
			"version": "file:../a",
			"dependencies": {}
		}
	}
}

Who

  • n/a

References

  • n/a
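
A lockfile check for the behaviour reported above, as an added example that is not part of the original issue or of npm's code: given a parsed lockfileVersion 1 package-lock.json and the package.json of each file: dependency, it lists nested entries that are locked only because of the linked package's devDependencies and are not marked dev. The function name, its arguments and the result shape are assumptions made for this example; the sample data is constructed from the reproduction above.

```javascript
// Flag lockfileVersion 1 entries that are locked only because of the
// devDependencies of a file: dependency and are not marked dev.
// lock: parsed package-lock.json of the consuming package.
// manifests: "file:" spec -> parsed package.json of the linked package
// (hypothetical calling convention; the caller reads the files from disk).
function findLeakedDevDeps(lock, manifests) {
  const findings = [];
  for (const [via, entry] of Object.entries(lock.dependencies || {})) {
    const spec = String(entry.version || '');
    if (!spec.startsWith('file:')) continue;
    const manifest = manifests[spec];
    if (!manifest) {
      // Cannot classify nested entries without the linked manifest.
      findings.push({ via, name: null, reason: 'manifest-missing' });
      continue;
    }
    // Names the linked package declares outside devDependencies.
    const runtime = new Set([
      ...Object.keys(manifest.dependencies || {}),
      ...Object.keys(manifest.optionalDependencies || {}),
      ...Object.keys(manifest.peerDependencies || {}),
    ]);
    const devOnly = Object.keys(manifest.devDependencies || {})
      .filter((name) => !runtime.has(name));
    for (const name of devOnly) {
      const nested = (entry.dependencies || {})[name];
      // Report only when the lockfile locks it and does not mark it dev.
      if (nested && nested.dev !== true) {
        findings.push({ via, name, version: nested.version, reason: 'dev-only-in-lock' });
      }
    }
  }
  return findings;
}

// Constructed sample input: a/package.json and the two lockfiles from the issue.
const manifests = { 'file:../a': { devDependencies: { typescript: '3.7.2' } } };
const currentLock = {
  requires: true, lockfileVersion: 1,
  dependencies: { a: { version: 'file:../a', dependencies: { typescript: { version: '3.7.2' } } } },
};
const expectedLock = {
  requires: true, lockfileVersion: 1,
  dependencies: { a: { version: 'file:../a', dependencies: {} } },
};
console.log(findLeakedDevDeps(currentLock, manifests));
console.log(findLeakedDevDeps(expectedLock, manifests));
```

Only the linked package's direct devDependencies nested under its lockfile entry are checked; packages that those devDependencies pull in themselves are not traced.
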
@kostia1st

This behavior seems to lead to 2 instances of React (of different versions) in my app.

Is there any known way to work around this?

@romovs

romovs commented Aug 22, 2020

It also breaks npm ls --prod=true since the transitive dev dependencies are not marked as dev and npm ls starts complaining about extraneous packages.

npm v6.14.5

@darcyclarke
Contributor

npm v6 is no longer in active development; we will continue to push security releases to v6 at our team's discretion as per our Support Policy.

If your bug is reproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo.

Closing: This is an automated message.
