Missing dependencies after running npm install a second time
#16839
Comments
Some quick discussion: The broken transitive dependency ( The fact that the "bare" I would not be surprised if This seems like a bug, but there doesn't seem to be much documentation about the contracts that NPM makes with regards to lockfiles, or how they're meant to be used in a typical workflow. For all I know, this could be an expected behavior. More documentation would be helpful. My $0.02 is that the "bare" |
Dropping a link to #16837 here, because it seems similar. |
Seeing these same results. We committed our package-lock.json after a brand new By weird, I'm seeing an issue where the repository URL ends up in the "version" field of package-lock.json. |
And to confirm I also see this only when locally removing the node_modules folder (which is also the environment in CI) |
I am seeing something very similar when updating a single package. For example, once everything is working fine, I can do this:
note that I just deleted one package that I directly depend on, and then running What is weirder is that if I do If I do something silly like go into a working directory that's all properly installed and do In all cases, this is only repaired by deleting both package-lock.json and node_modules and doing a fresh |
I was going to file my own bug, but I think this one covers my experience. I've managed to create a minimal experiment and demo repo that reproduces this behavior; the README has all the details: https://github.com/mbland/npm-v5-package-lock-bug-demo Hopefully it's helpful here. The upshot: the problem appears related to |
@mbland awesome work! Thanks for this 🎉 |
FYI, just re-ran all the scenarios with npm v5.0.2, and got essentially the same results. The only difference is that buffer-shims is no longer installed, because readable-stream v2.2.10 no longer depends on it. |
I think I was able to work around it by manually installing the missing dependencies until there were none left and letting For example:

```
❯ npm test
module.js:487
throw err;
^
Error: Cannot find module 'pretty-error'
at Function.Module._resolveFilename (module.js:485:15)
❯ npm install pretty-error
npm WARN solution-manager@1.0.0 No repository field.
+ pretty-error@2.1.0
added 21 packages, removed 1 package and updated 14 packages in 3.072s
❯ npm run test
module.js:487
throw err;
^
Error: Cannot find module 'wrap-ansi'
at Function.Module._resolveFilename (module.js:485:15)
❯ npm install wrap-ansi
npm WARN solution-manager@1.0.0 No repository field.
+ wrap-ansi@2.1.0
added 1 package, removed 1 package and updated 14 packages in 2.519s
❯ npm test
```

IT WORKS! And Now to confirm it actually helped anything:

```
❯ rm node_modules
❯ npm test
module.js:487
throw err;
^
Error: Cannot find module 'yargs'
at Function.Module._resolveFilename (module.js:485:15)
❯ npm install
added 380 packages in 55.731s
❯ npm test
```

IT WORKS! Looking good! I'm going to do some more testing, however I wanted to report my strange findings here in case it helps anyone. Hope we can get this resolved soon! |
I can confirm the comment by @Glavin001. We handled it by having our developers that removed node_modules remove |
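The situation this thread describes, where an install leaves packages recorded in package-lock.json absent from node_modules, can be detected in one pass instead of one failing `require` at a time. The following is an added example, not part of the thread or of npm: `auditLock` and `demo` are hypothetical names, the sample packages are constructed, and it assumes the nested `dependencies` layout of a `lockfileVersion` 1 lockfile, treating any non-semver `version` string (such as a repository URL) as a presence-only check.

```javascript
const fs = require('fs'), os = require('os'), path = require('path');
// Walk the nested "dependencies" tree of a lockfileVersion 1 package-lock.json and report
// locked packages that are absent from node_modules or installed at another version.
function auditLock(projectDir) {
  const lock = JSON.parse(fs.readFileSync(path.join(projectDir, 'package-lock.json'), 'utf8'));
  const findings = [];
  const walk = (deps, dir, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const pkgDir = path.join(dir, 'node_modules', name);
      const id = [...trail, name].join(' > ');
      let installed = null;
      try {
        installed = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8')).version;
      } catch (err) {
        if (err.code !== 'ENOENT') throw err; // a corrupt manifest is a real error
      }
      if (installed === null) {
        // Optional packages (platform-specific ones, for example) may legitimately be absent.
        if (!entry.optional) findings.push({ id, locked: entry.version, problem: 'missing' });
        continue; // nothing beneath a missing package can be present
      }
      // Git dependencies carry a URL in "version", so only their presence is checked.
      if (/^\d+\.\d+\.\d+/.test(entry.version) && installed !== entry.version) {
        findings.push({ id, locked: entry.version, installed, problem: 'version-mismatch' });
      }
      walk(entry.dependencies, pkgDir, [...trail, name]); // nested, non-hoisted copies
    }
  };
  walk(lock.dependencies, projectDir, []);
  return findings;
}
// Constructed sample project: "b" is locked under "a" but absent, "c" is at the wrong version.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'lock-audit-'));
  const put = (rel, obj) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), JSON.stringify(obj));
  };
  put('package-lock.json', { lockfileVersion: 1, dependencies: {
    a: { version: '1.0.0', dependencies: { b: { version: '2.0.0' } } },
    c: { version: '1.1.0' },
    g: { version: 'github:example/g#0000000' }, // constructed git-style entry
    f: { version: '1.2.0', optional: true },
  } });
  for (const [n, v] of [['a', '1.0.0'], ['c', '1.0.9'], ['g', '4.0.0']])
    put(`node_modules/${n}/package.json`, { name: n, version: v });
  return auditLock(root);
}
console.log(demo());
```

Run in CI after the install step, a non-empty result is a reason to fail the build before tests hit a `Cannot find module` error.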
Remove `package-lock.json` as for now, using it results in missing dependencies after running `npm install`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - Ref npm/npm#16839. Close #246
I upgraded to npm5 while using Expo (for react native, it installs about 700 packages within node_modules without adding them to package.json). I did npm install for the first time to add one package and it pruned the entire node_modules directory, and I had to downgrade to npm4.x, create a new Expo project, and copy paste my src folder and configs. Is it a feature that npm5 prunes by default on each install or was it an attempt to make it "better than yarn"? Because that didn't work at all, I went back to yarn after all. |
The behavior of the mbland/npm-v5-package-lock-bug-demo scenarios still holds under 5.0.3. (Note: I haven't been pushing Though I've a lot of detail in the README of that repo already, I've a few more observations and thoughts I'll share here.

Problems arise when only one artifact is present

It seems First problem: missing |
I can also confirm this - using private repo aka Is it possible that during typing keyphrase for ssh, the time used to do it can change anything? |
Running into a similar issue with npm prune --production. A git+ssh dependency that is defined in |
Same problem. After installing a dependency, like "npm install -D $depname", gulp appears missing. Gulp is defined in package.json as "github:gulpjs/gulp#4.0". "npm install" then fixes the problem. |
Same here on npm v5.7.1 with cyrillic-to-translit-js being defined in package.json as "cyrillic-to-translit-js": "github:greybax/cyrillic-to-translit-js#master" Seems the issue is still relevant. @zkat mind reopening? |
This issue happened to me when I requested from the Development server a bundle without the platform and dev flags. I was requesting the bundle like Once I changed it to |
I've just seen this on a Dependabot pull request and dug into it. I think I have a fix, but my knowledge of the npm codebase / JS isn't good enough to implement it and (particularly) write tests for it. First up, here are some reproduction steps:
The Next up, I think I've isolated the problem in npm: Finally here is a PR that I'm pretty sure fixes this I'd love help from a maintainer to get it tested and over the line. |
The same problem! What is the need for |
Well, I've found a reason for this "remove all of them" behavior of npm. It's all about In the process of installation of ANY package locally, npm will auto-scan versions of every package recorded in the I will just remind, that version So, I think it can be confusing for a lot of people. When, for example, they know that Angular 5 doesn't have "cataclysmic" changes compared to Angular 4. And if your
... and all your It was like that a couple of days ago with npm v5.6.0 ... and yesterday they released version 6.0.0, and it still works in this not very smart order. So, be careful, folks! 😎 |
git+ssh dependencies are still removed in v6.1.0.... |
I'm opening this issue because:

What's going wrong?

When there is an existing lockfile, `npm5` does not install all necessary packages. (This issue specifically affects any project that depends on `foundry-kue-scheduler`)

The initial invocation of `npm install` installs the correct set of dependencies, and creates a lockfile as I would expect.

When I delete `node_modules`, and run `npm install` again (against the same lockfile), I get a different set of packages (several transitive dependencies are missing), and npm alters the contents of `package-lock.json`.

How can the CLI team reproduce the problem?

This seems to be a minimal test-case that shows how `npm install` is broken for any package that depends on `foundry-kue-scheduler`:

Here's a gist that shows the package structure, as well as the changes to `package-lock.json` between the first and second invocation of `npm install`.

supporting information:

`npm -v` prints: 5.0.0
`node -v` prints: v6.10.3
`npm config get registry` prints: