You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
Actually, I'm starting to think this isn't a problem, except for legacy jitsu installs. Because after npm 1.2.10, it's impossible to install a package with invalid peer dependencies (it might work with --force?). So a user shouldn't be able to get into this situation where there's a "poisoned" folder.
It remains that there's a lot of bad jitsu installs out there, especially in the global node_modules folder, which poison global installation (see link in OP). I'm not sure there's a good solution for this though. @isaacs, thoughts?
(I came to this conclusion after writing a test that installed a bad peer deps package then installed another, but it passed immediately since the bad peer deps package never showed up in node_modules and thus never prevented installation.)
This is especially problematic for the global folder. See https://github.com/isaacs/npm/pull/3110#issuecomment-13306074
The text was updated successfully, but these errors were encountered: