install
silently prunes misnamed git dependencies
#10401
Comments
The problem is this sort of thing: https://github.com/olizilla/app-with-typod-github-dependency/blob/92a9dfdb311a6872c152308302515de979cfa1ee/package.json#L6 |
Where the name given for a git url dep doesn't match the name given in the remote package.json, fail the install and let the user know. Existing `npm@3.4.0` behaviour is to siltenly prune the dep from the tree. with no warning. - Minimal fix for npm#10401 - Resuses the error message from [tarball verification](https://github.com/npm/npm/blob/65a64c9277184b1a0665d78fce0a9b00f930d9bc/lib/cache/add-local-tarball.js#L124)
Minimal fix here: #10410 |
See also: #8588 |
We're closing this issue as it has gone seven days without activity and without being labeled. If we haven't even labeled in issue in seven days then we're unlikely to ever read it. If you are still experiencing the issue that led to you opening this or this is a feature request you're still interested in then we encourage you to open a new issue. If this was a support issue, you may be better served by joining package.communty and asking your question there. For more information about our new issue aging policies and why we've instituted them please see our blog post. |
Adding a dependency on a git url fails silently if the name given doesn't match the name property of the remote package.json
This is an error on the users part, but the result is the remote dep is resolved correctly, but then pruned:
The user gets no warning of their mistake, and the dep is not installed.
This is most noticeable when coupled with casing issues. Given a dependency declaration like:
...where we've accidentally lowercased the dep name to
"select2"
(in savant-like readiness for the new way) but the remote is actually uppity cased as"Select2"
;in
npm@2
the dep is installed regardless.In
npm@3
the dep is silently pruned as if you never declared it, which is surprising when transitioning an old project.Digging around, I can see that it's because the resolved dep name doesn't match any listed deps, and is correctly pruned, so I reckon this sort of error should be caught earlier, in a similar way to how tarballs are verified
The text was updated successfully, but these errors were encountered: