Installing packages with bad peerDependencies prevents future installs in that folder #3140

Closed
domenic opened this Issue Feb 8, 2013 · 4 comments

Projects

None yet

2 participants

@domenic
Member
domenic commented Feb 8, 2013

This is especially problematic for the global folder. See #3110 (comment)

@domenic
Member
domenic commented Feb 8, 2013

This is at the top of my weekend priority queue. Damn, I thought we'd really gotten these things straightened out.

@domenic
Member
domenic commented Feb 11, 2013

Actually, I'm starting to think this isn't a problem, except for legacy jitsu installs. Because after npm 1.2.10, it's impossible to install a package with invalid peer dependencies (it might work with --force?). So a user shouldn't be able to get into this situation where there's a "poisoned" folder.

It remains that there's a lot of bad jitsu installs out there, especially in the global node_modules folder, which poison global installation (see link in OP). I'm not sure there's a good solution for this though. @isaacs, thoughts?

(I came to this conclusion after writing a test that installed a bad peer deps package then installed another, but it passed immediately since the bad peer deps package never showed up in node_modules and thus never prevented installation.)

@banacorn

so will there be a npm repair, npm fix or npm antidote ... something like that?

@domenic
Member
domenic commented Feb 15, 2013

I mean, you could just alias npmrepair to npm uninstall jitsu -g; npm install jitsu -g.

@domenic domenic closed this Mar 11, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment