False positives produced by deduping

[Faleij]

False positives are reported when having done a dedupe. Would be nice to have an option to exclude deduped packages.

[lijunle]

I don't understand how false happens on this case. Does the npm-dedupe affect the package.json file?

[Faleij]

Yes, it moves the deduped packages into package.json

[lijunle]

OK, is there any extra information to indicate which dedup package is used by which package?

Maybe I should try soon and revisit here.

[lijunle]

@Faleij

I run npm ddp on my project, the package.json file is not changed. I am using npm@3, are you running npm@2? Could you provide an example project that npm ddp will affect the package.json?

[Faleij]

Yes I'm running npm 2. Here's a sample package.json:

{
  "dependencies": {
    "mime-kind": "1.0.4",
    "nodal": "0.8.3",
    "octocat": "0.11.0"
  }
}

After dedupe:

{
  "dependencies": {
    "ansi-regex": "2.0.0",
    "async": "1.5.2",
    "chalk": "1.1.1",
    "lodash": "3.10.1",
    "mime-kind": "1.0.4",
    "nodal": "0.8.3",
    "octocat": "0.11.0",
    "strip-ansi": "3.0.1"
  }
}

[lijunle]

I get it. This is do-able. However, I want to ask the first simple question, why not use npm@3?

[Faleij]

npm 3 is considerably slower and I have had some compatibility issues

[lijunle]

OK. I will implement this after the current version 0.6.2 is out. Mark it on 0.6.3.

[lijunle]

@Faleij

While working on detected dedup packages, I have some questions:

1. Is it that, all level dependencies are flatten to root package.json? For example, dependency graph as a -> b -> c, the package b and c will be written to package.json if no conflict.
2. How about optionalDependencies and peerDependencies? In npm@2, both are installed by default.

[mnkhouri]

Newer npm versions no longer implement this style of deduping (since a while, now), so I'm going to close this issue as stale.

If anyone encounters a similar issue, please feel free to open a new issue!