This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
I'm opening this issue because:

What's going wrong?

If a github dependency's name doesn't match the name as specified in its own package.json, npm doesn't produce an error but instead creates an unstable package-lock.json

How can the CLI team reproduce the problem?

- Add a github-based dependency, e.g. UglifyJS2's harmony branch
- Use a name that doesn't match the name in that dependency's package.json (e.g. use uglify-js whereas the harmony branch contains "name":"uglify-es" in package.json)
- Run npm install
  - package-lock.json is produced that doesn't contain uglify-js (or uglify-es)
- Remove node_modules directory (but not the lockfile), then run npm install again
  - The direct dependencies of uglify-js (actually uglify-es) are removed, i.e. commander and source-map. If other modules depend on them, they are still removed (and those other modules break). package-lock.json is updated as well to reflect the removals.
- Remove node_modules directory again, then run npm install again
  - More changes to package-lock.json (probably removing the indirect dependencies)

Expected behaviour:

I think an error would work best (github dependency is named incorrectly, please change it?). Not 100% sure, in theory it could ignore what the package says about its name...

supporting information:

- npm -v prints: 5.0.3
- node -v prints: v8.0.0
- npm config get registry prints: https://registry.npmjs.org/

iarna changed the title
Unstable package-lock.json when dependency name mismatches name in package.json for github dependency
Dependency name mismatches in package.json for git dependencies should produce error
Jul 6, 2017