[BUG] NPM unable to resolve dependency tree when using overrides #8470
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
We ran into issue when switching to NPM v11 (from NPM v10) and our project fails to install.
When running npm ci (against lockfile generated by NPM v10) we recieve JavaScript Heap Out of Memory error. The process cannot be aborted via Control + C, it seems to be stuck in an infinite loop and eventually hits the memory limit.
When running npm install with package-lock.json file deleted, we get an error when resolving peer dependencies. This might be a better hint about where the error comes from.
I was able to create minimalistic project, where the conflicting dependencies are reported, unfortunately the Out of Memory error cannot be reproduced there, but I believe, it is somewhat connected.
Minimalistic project contains 3 packages, all have the same version 1.0.0 and they are all depending on each other via peerDependencies (you install one, you install all, there is a circular dependency, which is not good, but NPM was able to handle this until now). Specifically:
package-ahas a peer dependency topackage-cpackage-bhas a peer dependency topackage-apackage-chas a peer dependency topackage-a
This would still work, but the issue appears once you have a package.json like this.
{
"name": "web",
"version": "0.0.0",
"dependencies": {
"package-a": "1.0.0",
"package-b": "1.0.0",
"package-c": "1.0.0"
},
"overrides": {
"package-b": "1.0.0",
"package-c": "1.0.0"
}
}
The problematic part is the overrides configuration. If you remove one of the dependencies from overrides, everything works as expected again, but by overriding 2 packages that both have a peer dependency to package-a, you receive an error in conflict resolution.
I am getting this error, which does not really make any sense, because there is no real conflict. All the versions used are 1.0.0. But the very same issue happens even if I set all peerDependencies to *.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: web@0.0.0
npm error Found: package-a@1.0.0
npm error node_modules/package-a
npm error package-a@"1.0.0" from the root project
npm error peer package-a@"1.0.0" from package-b@1.0.0
npm error node_modules/package-b
npm error package-b@"1.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer package-a@"1.0.0" from package-c@1.0.0
npm error node_modules/package-c
npm error package-c@"1.0.0" from the root project
npm error peer package-c@"1.0.0" from package-a@1.0.0
npm error node_modules/package-a
npm error package-a@"1.0.0" from the root project
npm error 1 more (package-b)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /Users/filip.satek/.npm/_logs/2025-07-30T05_44_45_627Z-eresolve-report.txt
npm error A complete log of this run can be found in: /Users/filip.satek/.npm/_logs/2025-07-30T05_44_45_627Z-debug-0.log
Expected Behavior
No memory error, no conflicting dependency error.
Steps To Reproduce
The issue has been introduced in NPM v11.2.0 (but has not been addressed yet) via this commit by @owlstronaut (sorry for tagging, but you probably have the best understanding of the problem).
npm install -g npm@11.5.1git clone git@github.com:Filipoliko/npm-install-overrides-error.git npm-install-overrides-errorcd npm-install-overrides-errornpx --registry https://registry.npmjs.org/ verdaccio --config ./verdaccio.yaml(and leave it running)- Open new terminal
./publish.shnpm install
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: web@0.0.0
npm error Found: package-a@1.0.0
npm error node_modules/package-a
npm error package-a@"1.0.0" from the root project
npm error peer package-a@"1.0.0" from package-b@1.0.0
npm error node_modules/package-b
npm error package-b@"1.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer package-a@"1.0.0" from package-c@1.0.0
npm error node_modules/package-c
npm error package-c@"1.0.0" from the root project
npm error peer package-c@"1.0.0" from package-a@1.0.0
npm error node_modules/package-a
npm error package-a@"1.0.0" from the root project
npm error 1 more (package-b)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /Users/filip.satek/.npm/_logs/2025-07-30T05_44_45_627Z-eresolve-report.txt
npm error A complete log of this run can be found in: /Users/filip.satek/.npm/_logs/2025-07-30T05_44_45_627Z-debug-0.log
The same issue can be reproduced even with npm pack, but the error message is not as nice. See the project README.md for details how to check the npm pack version.
Environment
- npm: 11.5.1
- Node.js: 24.4.1
- OS Name: MacOS Sequoia 15.5
- System Model Name: Macbook Pro
- npm config:
; "user" config from /Users/filip.satek/.npmrc
; //localhost:4873/:_authToken = (protected) ; overridden by project
//registry.npmjs.org/:_authToken = (protected)
; registry = "https://registry.npmjs.org/" ; overridden by project
strict-ssl = true
; "project" config from /Users/filip.satek/git/npm-install-overrides-error/.npmrc
//localhost:4873/:_authToken = (protected)
registry = "http://localhost:4873"
; node bin location = /Users/filip.satek/.nvm/versions/node/v24.3.0/bin/node
; node version = v24.3.0
; npm local prefix = /Users/filip.satek/git/npm-install-overrides-error
; npm version = 11.5.1
; cwd = /Users/filip.satek/git/npm-install-overrides-error
; HOME = /Users/filip.satek
; Run `npm config ls -l` to show all defaults.