Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] npm install with invalid JSON deletes contents of package.json and exits with success #1883

Closed
Coridyn opened this issue Oct 1, 2020 · 0 comments
Closed

[BUG] npm install with invalid JSON deletes contents of package.json and exits with success #1883

Coridyn opened this issue Oct 1, 2020 · 0 comments
Assignees
@ruyadorno
Labels
Bug thing that needs fixing Release 7.x work is associated with a specific npm 7 release
Milestone
OSS - Sprint 17

Comments

@Coridyn
Copy link

Coridyn commented Oct 1, 2020

Current Behavior:

If you have package.json with invalid/malformed JSON.

Running npm install deletes the contents of package.json and exits successfully with code 0.

package.json is rewritten to just be an empty JSON object {}, potentially losing data.

Expected Behavior:

npm should exit with a non-zero code and should not replace the contents of package.json.

Steps To Reproduce:

With this invalid JSON in package.json (note the invalid trailing comma in dependencies)

{
    "name": "example",
    "devDependencies": {
        "lodash": "^4.17.20",
    }
}

Run these commands:

$ npm install

up to date in 111ms

found 0 vulnerabilities

$ cat package.json
{}

npm exits with code 0 and rewrites the package.json to {}

Running same scenario with npm@v6.14.8 - npm has the expected behaviour: exits with non-zero code and does not change package.json content

$ npm --version
6.14.8

$ npm install
npm ERR! code EJSONPARSE
npm ERR! file /home/coridyn/npm7-workspace-test/temp/package.json
npm ERR! JSON.parse Failed to parse json
npm ERR! JSON.parse Unexpected token } in JSON at position 84 while parsing near '...h": "^4.17.20",
npm ERR! JSON.parse     }
npm ERR! JSON.parse }
npm ERR! JSON.parse '
npm ERR! JSON.parse Failed to parse package.json data.
npm ERR! JSON.parse package.json must be actual JSON, not just JavaScript.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/coridyn/.npm/_logs/2020-10-01T08_09_28_903Z-debug.log

Environment:

This occurs in both Windows and Linux

$ node --version
v12.16.2

$ npm --version
7.0.0-beta.13
@Coridyn Coridyn added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Oct 1, 2020
@darcyclarke darcyclarke added beta and removed Needs Triage needs review for next steps labels Oct 1, 2020
@darcyclarke darcyclarke added this to the OSS - Sprint 17 milestone Oct 6, 2020
@darcyclarke darcyclarke assigned ruyadorno and unassigned isaacs Oct 7, 2020
ruyadorno added a commit to npm/arborist that referenced this issue Oct 7, 2020
@ruyadorno
fix: do not rewrite malformed package.json
210ce9f 
Reify was rewiriting contents of a malformed package.json. This
changeset fixes the problem by making sure build-ideal-tree properly
throws when finding EJSONPARSE errors from the root package.json

Fixes: npm/cli#1883
@ruyadorno ruyadorno mentioned this issue Oct 7, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ruyadorno ruyadorno

Labels
Bug thing that needs fixing Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
OSS - Sprint 17
Development

Successfully merging a pull request may close this issue.

fix: do not rewrite malformed package.json npm/arborist
4 participants
@isaacs @ruyadorno @darcyclarke @Coridyn