[BUG] npm removes invalid references instead of failing with an error starting in 9.6.6 #6742

Open
yeikel opened this issue Aug 28, 2023 · 2 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 9.x work is associated with a specific npm 9 release

Comments


yeikel commented Aug 28, 2023

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Starting with npm 9.6.6, if we run npm install fetch-factory@0.0.2 --package-lock-only with a package.json containing invalid references, it succeeds and removes the invalid references instead of failing with a validation error like previous versions.

npm install fails as expected.

I went over the release notes of 9.6.6 and I could not find any mention of this change in behavior. Was this intentional?

Expected Behavior

In 9.6.5, the same command fails with the error: npm ERR! must provide string spec

Steps To Reproduce

Reproducer: https://github.com/yeikel/npm-invalid-dependency-removed
Logs: https://github.com/yeikel/npm-invalid-dependency-removed/actions/runs/5994585281/job/16256409062

  1. git clone https://github.com/yeikel/npm-invalid-dependency-removed.git
  2. nvm install 18
  3. nvm use 18
  4. npm --version -> 9.6.7
  5. Run npm install fetch-factory@0.0.2 --package-lock-only

Expected: npm should fail with the following error: npm ERR! must provide string spec

Actual:

  • npm succeeds
  • npm removes the invalid dependencies from the package.json

diff --git a/package.json b/package.json
index fc17427..22a8ea8 100644
--- a/package.json
+++ b/package.json
@@ -1,4 +1,3 @@
-
 {
   "name": "name",
   "version": "1.0.0",
@@ -15,12 +14,6 @@
   },
   "homepage": "https://github.com/waltfy/PROTO_TEST#readme",
   "dependencies": {
-    "fetch-factory": "^0.0.1"
-  },
-  "devDependencies": {
-    "etag": "^1.0.0",
-    "cordova-plugin-geolocation": {
-      "GEOLOCATION_USAGE_DESCRIPTION": "To locate you"
-    }
+    "fetch-factory": "^0.0.2"
   }
 }
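
Review bot: In the second hunk the whole "devDependencies" block is removed, including the string-valued "etag": "^1.0.0" entry, not only the object-valued "cordova-plugin-geolocation" entry. A --package-lock-only run that meets a non-string spec should stop with the error and leave package.json as it was, or at least report each entry it drops, because a manifest that shrinks silently changes what later installs and audits cover.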

Environment

  • npm: Any after 9.6.5
  • Node.js: 18
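
A pre-flight check for the behavior reported above, as an added example that is not part of the issue or of npm's code: it flags dependency entries whose spec is not a string before npm runs, and lists entries that disappeared from package.json afterwards. The function names and the sample manifests (constructed to mirror the diff in the report) are assumptions.

```javascript
// Added example (not npm's code): guard a CI job against silent manifest edits.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Return every dependency entry whose spec is not a string.
function findNonStringSpecs(manifest) {
  const problems = [];
  for (const section of SECTIONS) {
    if (manifest[section] === undefined) continue;
    if (!isPlainObject(manifest[section])) {
      problems.push(`${section}: section is not an object`);
      continue;
    }
    for (const [name, spec] of Object.entries(manifest[section])) {
      if (typeof spec !== 'string') {
        problems.push(`${section}.${name}: spec must be a string`);
      }
    }
  }
  return problems;
}

// Return entries present before a command ran and missing afterwards.
function findDroppedEntries(before, after) {
  const dropped = [];
  for (const section of SECTIONS) {
    const prev = isPlainObject(before[section]) ? before[section] : {};
    const next = isPlainObject(after[section]) ? after[section] : {};
    for (const name of Object.keys(prev)) {
      const kept = Object.prototype.hasOwnProperty.call(next, name);
      if (!kept) dropped.push(`${section}.${name}`);
    }
  }
  return dropped;
}

// Constructed sample manifests mirroring the diff in the report.
const sampleBefore = {
  dependencies: { 'fetch-factory': '^0.0.1' },
  devDependencies: {
    etag: '^1.0.0',
    'cordova-plugin-geolocation': { GEOLOCATION_USAGE_DESCRIPTION: 'To locate you' },
  },
};
const sampleAfter = { dependencies: { 'fetch-factory': '^0.0.2' } };

console.log(findNonStringSpecs(sampleBefore));
console.log(findDroppedEntries(sampleBefore, sampleAfter));
```

In a pipeline, run the first check on package.json before the npm command and the second on copies taken before and after it, and fail the job on any finding.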
@yeikel yeikel added Bug thing that needs fixing Needs Triage needs review for next steps Release 9.x work is associated with a specific npm 9 release labels Aug 28, 2023
@yeikel yeikel changed the title [BUG] Npm removes invalid dependencies instead of failing with an error [BUG] Npm removes invalid dependencies instead of failing with an error starting in 9.6.6 Aug 28, 2023
@yeikel yeikel changed the title [BUG] Npm removes invalid dependencies instead of failing with an error starting in 9.6.6 [BUG] npm removes invalid dependencies instead of failing with an error starting in 9.6.6 Aug 28, 2023
@yeikel yeikel changed the title [BUG] npm removes invalid dependencies instead of failing with an error starting in 9.6.6 [BUG] npm removes invalid references instead of failing with an error starting in 9.6.6 Aug 28, 2023

THETCR commented Aug 31, 2023

This would technically be a breaking change for the end user and therefore not in line with the semantic versioning spec.


yeikel commented Mar 16, 2024

@wraithgar Do you have any insights about this one? From the release diff, it seems that you are the main contributor of this release.
