Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

npm install re-downloads shrinkwrapped packages #3463

spmason opened this Issue May 21, 2013 · 3 comments


None yet
4 participants

spmason commented May 21, 2013

I've shrinkwrapped my project and whenever I npm install my project npm will re-fetch everything, regardless of whether the packages are already downloaded (in the npm cache) or already installed (in my node_modules folder)

Shouldn't npm install be using the local cached packages? Or at least just checking and getting 304 responses?

Here is a sample from my npm-shrinkwrap.json file, if I remove the "from" attributes this behaviour stops and it seems to be using the local cache:

"dependencies": {
    "htmlparser2": {
        "version": "2.5.2",
        "from": "htmlparser2@2.5.2",
        "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-2.5.2.tgz",
        "dependencies": {
            "domhandler": {
                "version": "2.0.3",
                "from": "domhandler@2.0.3",
                "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-2.0.3.tgz"
            "domutils": {
                "version": "1.0.1",
                "from": "domutils@1.0.1",
                "resolved": "https://registry.npmjs.org/domutils/-/domutils-1.0.1.tgz"
            "domelementtype": {
                "version": "1.1.1",
                "from": "domelementtype@1.1.1",
                "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-1.1.1.tgz"

Here's the npm install output after immediately performing an npm install on a clean checkout w/ no node_modules/ directory

npm http GET https://registry.npmjs.org/express/-/express-3.2.4.tgz
npm http GET https://registry.npmjs.org/sinon/-/sinon-1.6.0.tgz
npm http GET https://registry.npmjs.org/htmlparser2/-/htmlparser2-2.5.2.tgz
npm http GET https://registry.npmjs.org/request/-/request-2.14.0.tgz
npm http 200 https://registry.npmjs.org/express/-/express-3.2.4.tgz
npm http 200 https://registry.npmjs.org/htmlparser2/-/htmlparser2-2.5.2.tgz
npm http 200 https://registry.npmjs.org/sinon/-/sinon-1.6.0.tgz
npm http 200 https://registry.npmjs.org/request/-/request-2.14.0.tgz

+1 Am running into this as well.


gabrielf commented Aug 26, 2013

This seems to be a duplicate of/duplicates/is related to #3581

@domenic domenic closed this in 644c2ff Nov 26, 2013

@isaacs isaacs reopened this Dec 11, 2013


isaacs commented Dec 11, 2013

Unfortunately, the reverted in d8c907e, because 644c2ff introduces the new behavior that -f will reinstall ALL deps, no matter what.

While that's perhaps an ok thing, since "force is forceful" and all, it's new and a bit surprising.

@isaacs isaacs closed this in a362c3f Dec 16, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment