-
Notifications
You must be signed in to change notification settings - Fork 3k
Missing dependencies after running npm install
a second time #16839
Description
I'm opening this issue because:
- npm is crashing.
- npm is producing an incorrect install.
- npm is doing something I don't understand.
- Other (see below for feature requests):
What's going wrong?
When there is an existing lockfile, npm5
does not install all necessary packages. (This issue specifically affects any project that depends on foundry-kue-scheduler
)
The initial invocation of npm install
installs the correct set of dependencies, and creates a lockfile as I would expect.
When I delete node_modules
, and run npm install
again (against the same lockfile), I get a different set of packages (several transitive dependencies are missing), and npm alters the contents package-lock.json
.
How can the CLI team reproduce the problem?
This seems to be a minimal test-case that shows how npm install
is broken for any package that depends on foundry-kue-scheduler
:
# scaffold a minimal project
$ mkdir npm5-test
$ cd npm5-test
$ npm init -y
# install/save my first/only dependency
$ npm i foundry-kue-scheduler
npm WARN deprecated redlock@2.1.1: possible critical bug, see https://github.com/mike-marcacci/node-redlock/issues/31
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN npm5-test@1.0.0 No description
npm WARN npm5-test@1.0.0 No repository field.
added 203 packages in 11.601s
# npm installed my packages and creates a lockfile
$ ls -lh
total 88
drwxr-xr-x 194 andrew staff 6.4K May 31 15:09 node_modules
-rw-r--r-- 1 andrew staff 38K May 31 15:09 package-lock.json
-rw-r--r-- 1 andrew staff 286B May 31 15:09 package.json
# one of my transitive dependencies is present
$ ls -lh node_modules/kue/package.json
-rw-r--r-- 1 andrew staff 2.0K May 31 15:09 node_modules/kue/package.json
# At this point, everything is OK.
# NPM has installed the set of packages that I expected.
# I can run `npm install` again, and it correctly reports that there's nothing to do.
# now, let's remove node_modules and reinstall (as though I'm installing
# packages for the first time in a repo that has package-lock.json checked-in,
# and node_modules is listed in .gitignore )
$ rm -rf node_modules/
$ npm i
npm WARN npm5-test@1.0.0 No description
npm WARN npm5-test@1.0.0 No repository field.
added 192 packages in 4.73s
# note that fewer packages were installed, and npm MODIFIED the extant lockfile
$ ls -lh
total 88
drwxr-xr-x 185 andrew staff 6.1K May 31 15:11 node_modules
-rw-r--r-- 1 andrew staff 36K May 31 15:11 package-lock.json
-rw-r--r-- 1 andrew staff 286B May 31 15:11 package.json
# also, my transitive dependency is gone.
$ ls node_modules/kue/package.json
ls: node_modules/kue/package.json: No such file or directory
# subsequent invocations of npm install make things even worse
$ npm i
npm WARN npm5-test@1.0.0 No description
npm WARN npm5-test@1.0.0 No repository field.
removed 190 packages in 3.026s
# ahhhhhh!
$ ls -lh
total 16
drwxr-xr-x 5 andrew staff 170B May 31 15:15 node_modules
-rw-r--r-- 1 andrew staff 503B May 31 15:15 package-lock.json
-rw-r--r-- 1 andrew staff 286B May 31 15:15 package.json
Here's a gist that shows the package structure, as well as the changes to package-lock.json
between the first and second invocation of npm install
.
supporting information:
npm -v
prints:5.0.0
node -v
prints:v6.10.3
npm config get registry
prints:- Windows, OS X/macOS, or Linux?: macOS (also verified inside Docker w/ Linux)
- Network issues:
- Geographic location where npm was run:
- I use a proxy to connect to the npm registry.
- I use a proxy to connect to the web.
- I use a proxy when downloading Git repos.
- I access the npm registry via a VPN
- I don't use a proxy, but have limited or unreliable internet access.
- Container:
- I develop using Vagrant on Windows.
- I develop using Vagrant on OS X or Linux.
- I develop / deploy using Docker.
- I deploy to a PaaS (Triton, Heroku).