[BUG] npm ls breaks when private repo dependency uses semver: for version matching

[NozzerFX]

Current Behavior:

When package.json contains a private git repository as a dependency with #semver version matching npm ls does not resolve any paths for production or development options. The following error occurs when not using the --silent flag.

verbose stack TypeError: Cannot read property '0' of undefined
4 verbose stack at npa (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-package-arg\npa.js:34:25)
4 verbose stack at doesChildVersionMatch (C:\Program Files\nodejs\node_modules\npm\lib\install\deps.js:61:22)
4 verbose stack at versionMatch (C:\Program Files\nodejs\node_modules\npm\lib\install\deps.js:758:12)
4 verbose stack at Array.filter ()
4 verbose stack at exports.findRequirement (C:\Program Files\nodejs\node_modules\npm\lib\install\deps.js:768:23)
4 verbose stack at findChild (C:\Program Files\nodejs\node_modules\npm\lib\install\deps.js:122:17)
4 verbose stack at computeMetadata (C:\Program Files\nodejs\node_modules\npm\lib\install\deps.js:132:9)
4 verbose stack at C:\Program Files\nodejs\node_modules\npm\lib\ls.js:43:23
4 verbose stack at C:\Program Files\nodejs\node_modules\npm\lib\install\read-shrinkwrap.js:48:14
4 verbose stack at C:\Program Files\nodejs\node_modules\npm\node_modules\iferr\iferr.js:3:64
4 verbose stack at C:\Program Files\nodejs\node_modules\npm\lib\install\read-shrinkwrap.js:33:16
4 verbose stack at tryCatcher (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\util.js:16:23)
4 verbose stack at Promise._settlePromiseFromHandler (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:517:31)
4 verbose stack at Promise._settlePromise (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:574:18)
4 verbose stack at Promise._settlePromise0 (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:619:10)
4 verbose stack at Promise._settlePromises (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:699:18)
5 verbose cwd C:\Local Development\Web Projects\MyProject
6 verbose Windows_NT 10.0.19041
7 verbose argv "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" "ls" "--production=true" "--parseable=true" "--long=false" "--all"
8 verbose node v12.16.1
9 verbose npm v6.13.4
10 error Cannot read property '0' of undefined
11 verbose exit [ 1, true ]

Expected Behavior:

Expect npm ls to output paths when the #semver syntax is not in use.

Steps To Reproduce:

• In package.json add a private repository to your dependencies. For example:

"dependencies": {
"some-private-library": "git+ssh://git@gitplace.org:example/some-private-library.git#semver:^1.0.0"
}

• Ensure you have some additional dependencies and devDependencies and then run the following:
  npm ls --production=true --parseable=true --long=false --silent --all
  OR
  npm ls --development=true --parseable=true --long=false --silent --all

You will not get any output from this command unless you remove semver: from the private git repo reference.

Environment:

• OS: Windows 10.0.19041.0
• Node: 12.16.1
• npm: 6.13.4

[ljharb]

What happens with npm 7?

[NozzerFX]

@ljharb - The result is better with npm 7.

When running for production and development I get expected results but I do still get an error for production

verbose stack Error: invalid: some-private-library@1.0.1 C:\Local Development\Web Projects\MyProject\node_modules\some-private-library
23 verbose stack at ls (C:\Users\richa\AppData\Roaming\npm\node_modules\npm\lib\ls.js:491:7)
24 verbose cwd C:\Local Development\Web Projects\MyProject
25 verbose Windows_NT 10.0.19041
26 verbose argv "C:\Program Files\nodejs\node.exe" "C:\Users\richa\AppData\Roaming\npm\node_modules\npm\bin\npm-cli.js" "ls" "--production=true" "--parseable=true" "--long=false" "--all"
27 verbose node v12.16.1
28 verbose npm v7.0.15
29 error code ELSPROBLEMS
30 error invalid: some-private-library@1.0.1 C:\Local Development\Web Projects\MyProject\node_modules\some-private-library
31 verbose exit 1

[darcyclarke]

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

[ljharb]

Reopening; the latest stack trace is npm 7.

[wraithgar]

The git tag parsing underwent a significant rewrite since this issue was opened. Is this still an issue in npm@7?

[Napas]

I'm still getting this issue with npm 7.19.1