npm@v3: npm shrinkwrap is broken #9703

Open
fundon opened this Issue Sep 22, 2015 · 49 comments

Projects

None yet
@fundon
fundon commented Sep 22, 2015

My package.json is below:

  "dependencies": {
    "bluebird": "^2.10.0",
    "connect-redis": "1.4.5",
    "decimal.js": "^4.0.2",
    "dotenv": "^1.2.0",
    "ejs": "~0.8.4",
    "file-type": "^2.10.2",
    "fs-extra": "^0.24.0",
    "grunt": "^0.4.2",
    "grunt-contrib-clean": "~0.5.0",
    "grunt-contrib-coffee": "~0.10.1",
    "grunt-contrib-concat": "~0.3.0",
    "grunt-contrib-copy": "~0.5.0",
    "grunt-contrib-cssmin": "~0.9.0",
    "grunt-contrib-jst": "~0.6.0",
    "grunt-contrib-less": "0.11.1",
    "grunt-contrib-uglify": "~0.4.0",
    "grunt-contrib-watch": "^0.6.1",
    "grunt-sails-linker": "^0.9.6",
    "grunt-sync": "~0.0.4",
    "hashids": "^1.0.2",
    "html-pdf": "^1.4.0",
    "include-all": "~0.1.3",
    "ipaddr.js": "^1.0.3",
    "ipware": "0.0.7",
    "is-svg": "~1.1.1",
    "joi": "^6.7.0",
    "jsonwebtoken": "^5.0.5",
    "kue": "^0.9.4",
    "lodash": "^3.10.1",
    "method-override": "^2.3.5",
    "mime": "^1.3.4",
    "moment": "^2.10.6",
    "morgan": "^1.6.1",
    "mz": "^2.0.0",
    "native-or-bluebird": "^1.2.0",
    "node-uuid": "~1.4.3",
    "node-xlsx": "^0.6.0",
    "otp.js": "^1.0.4",
    "passport": "^0.3.0",
    "passport-local": "^1.0.0",
    "pg": "^4.4.1",
    "pg-native": "^1.9.0",
    "pg-promise": "^1.10.5",
    "pingpp": "^2.0.6",
    "pinyin": "^2.6.2",
    "qr-image": "^3.1.0",
    "raw-body": "^2.1.3",
    "rc": "^0.5.5",
    "request-promise": "^0.4.3",
    "sails": "^0.11.0",
    "sails-disk": "^0.10.8",
    "sails-hook-email": "^0.12.1",
    "sails-migrations": "^2.0.7",
    "sails-postgresql": "^0.10.16",
    "sails-redis": "^0.10.5",
    "sha1-hex": "^1.0.0",
    "shortid": "^2.2.2",
    "slug": "^0.9.1",
    "statuses": "^1.2.1",
    "thenify": "^3.1.0",
    "utf8": "^2.1.1",
    "wechat-oauth": "^1.1.0"
  },
  "devDependencies": {
    "eslint": "^1.3.x",
    "espower-loader": "^1.0.0",
    "grunt-rename": "^0.1.4",
    "istanbul": "^0.3.x",
    "mocha": "^2.3.2",
    "power-assert": "^1.0.0",
    "shipit": "^0.2.4",
    "shipit-deploy": "^2.0.0",
    "shipit-npm": "^0.2.0",
    "should": "^7.1.0",
    "supertest": "^1.1.0"
  }

Reports:

npm ERR! Darwin 15.0.0
npm ERR! argv "/Users/fundon/.nvm/versions/io.js/v3.3.1/bin/iojs" "/Users/fundon/.nvm/versions/io.js/v3.3.1/bin/npm" "shrinkwrap"
npm ERR! node v3.3.1
npm ERR! npm  v3.3.3

npm ERR! Problems were encountered
npm ERR! Please correct and try again.
npm ERR! invalid: have bluebird@2.9.34 (expected: ^2.10.0) Cuckoo/node_modules/bluebird
npm ERR! invalid: have joi@6.6.1 (expected: ^6.7.0) Cuckoo/node_modules/joi
npm ERR! invalid: have pg-promise@1.9.9 (expected: ^1.10.5) Cuckoo/node_modules/pg-promise
npm ERR! invalid: have raw-body@2.1.2 (expected: ^2.1.3) Cuckoo/node_modules/raw-body
npm ERR! missing: mime@~1.2.11, required by form-data@0.1.4
npm ERR! extraneous: pg-promise@1.9.9 Cuckoo/node_modules/pg-promise
npm ERR! invalid: have noptify@0.0.3 (expected: latest) Cuckoo/node_modules/sails/node_modules/grunt-contrib-watch/node_modules/tiny-lr/node_modules/noptify
npm ERR! extraneous: noptify@0.0.3 Cuckoo/node_modules/sails/node_modules/grunt-contrib-watch/node_modules/tiny-lr/node_modules/noptify
npm ERR! missing: bufferutil@1.1.x, required by ws@0.7.2
npm ERR! missing: utf-8-validate@1.1.x, required by ws@0.7.2
npm ERR! missing: bufferutil@1.1.x, required by ws@0.7.2
npm ERR! missing: utf-8-validate@1.1.x, required by ws@0.7.2
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
npm ERR!     Cuckoo/npm-debug.log
@fundon fundon changed the title from npm shrinkwrap is broken to npm@v3: npm shrinkwrap is broken Sep 22, 2015
@othiym23 othiym23 added the support label Sep 22, 2015
@othiym23
Contributor

From the log output you've included, it looks like you should run npm install again before running npm shrinkwrap, because the packages on disk have gotten out of sync with the dependencies expressed in package.json. Additionally, it looks like pg-promise and noptify should go into package.json, or perhaps you should run npm prune to get rid of the extraneous packages. npm shrinkwrap will only shrinkwrap what's on disk now (after first verifying that it matches up with what's in package.json), but it does treat package.json as the source of truth about what your application needs to be correctly installed, and won't capture the application in a bad state.

@fundon
fundon commented Sep 22, 2015

I removed the npm-shrinkwrap.json and node_modules, then reinstall packages npm i -d and exec npm shrinkwrap.

npm ERR! argv "/Users/fundon/.nvm/versions/io.js/v3.3.1/bin/iojs" "/Users/fundon/.nvm/versions/io.js/v3.3.1/bin/npm" "shrinkwrap"
npm ERR! node v3.3.1
npm ERR! npm  v3.3.3

npm ERR! Problems were encountered
npm ERR! Please correct and try again.
npm ERR! extraneous: eslint@1.5.0 Cuckoo/node_modules/eslint
npm ERR! extraneous: espower-loader@1.0.0 Cuckoo/node_modules/espower-loader
npm ERR! extraneous: grunt-rename@0.1.4 Cuckoo/node_modules/grunt-rename
npm ERR! extraneous: istanbul@0.3.20 Cuckoo/node_modules/istanbul
npm ERR! extraneous: mocha@2.3.3 Cuckoo/node_modules/mocha
npm ERR! extraneous: power-assert@1.0.1Cuckoo/node_modules/power-assert
npm ERR! invalid: have noptify@0.0.3 (expected: latest) Cuckoo/node_modules/sails/node_modules/grunt-contrib-watch/node_modules/tiny-lr/node_modules/noptify
npm ERR! extraneous: noptify@0.0.3 Cuckoo/node_modules/sails/node_modules/grunt-contrib-watch/node_modules/tiny-lr/node_modules/noptify
npm ERR! extraneous: shipit@0.2.6 Cuckoo/node_modules/shipit
npm ERR! extraneous: shipit-deploy@2.0.0 Cuckoo/node_modules/shipit-deploy
npm ERR! extraneous: shipit-npm@0.2.0 Cuckoo/node_modules/shipit-npm
npm ERR! extraneous: should@7.1.0 Cuckoo/node_modules/should
npm ERR! extraneous: supertest@1.1.0 Cuckoo/node_modules/supertest
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!     <https://github.com/npm/npm/issues>

npm ERR! Please include the following file with any support request:
@othiym23 othiym23 added bug and removed support labels Sep 22, 2015
@othiym23 othiym23 added this to the 3.x milestone Sep 22, 2015
@fundon
fundon commented Sep 22, 2015

The latest npm@v2 is fine.

@othiym23
Contributor

Interesting! I took the chunk you pasted above and turned it into a working package.json, which creates npm-shrinkwrap.json with no errors and only the expected warnings (about excluded devDependencies). I don't think any of the changes in the most recent testing release should affect shrinkwraps, but before I ask @iarna to take a look at this, can you try running npm install && npm shrinkwrap with npm@next?

@fundon
fundon commented Sep 22, 2015

Okay, I'm trying it.

@othiym23
Contributor

I ran the install again from scratch, and got a different result. That indicates to me that there may be a race condition in the installer, or perhaps something about using metadata or packages from the cache rather than the registry itself. @iarna, when you have a few moments, could you take a look at this?

@dominykas

I think this might be related... node 4, npm 3.3.3

All it takes is npm i hapi@9.x --save:

tmp@1.0.0 /Users/dominykas/devel/projects/tmp
└─┬ hapi@9.3.1
  ├── accept@1.1.0
  ├── ammo@1.0.1
  ├── boom@2.8.0
  ├── call@2.0.2
  ├── catbox@6.0.0
  ├── catbox-memory@1.1.2
  ├── cryptiles@2.0.4
  ├─┬ heavy@3.0.0
  │ └── UNMET DEPENDENCY joi@5.x.x
  ├── hoek@2.14.0
  ├── iron@2.1.3
  ├── items@1.1.0
  ├─┬ joi@6.6.1
  │ ├── isemail@1.1.1
  │ └── moment@2.10.6
  ├── kilt@1.1.1
  ├─┬ mimos@2.0.2
  │ └── mime-db@1.18.0
  ├── peekaboo@1.0.0
  ├── qs@4.0.0
  ├── shot@1.6.0
  ├── statehood@2.1.1
  ├─┬ subtext@2.0.0
  │ ├── content@1.0.2
  │ ├─┬ pez@1.0.0
  │ │ ├── b64@2.0.0
  │ │ └─┬ nigel@1.0.1
  │ │   └── vise@1.0.0
  │ └── wreck@6.1.0
  └── topo@1.0.3

npm ERR! missing: joi@5.x.x, required by heavy@3.0.0

Notice there's a shrinkwrap included, which does not include joi explicitly: https://github.com/hapijs/hapi/blob/v9.3.1/npm-shrinkwrap.json#L26

@othiym23 othiym23 added the shrinkwrap label Sep 28, 2015
@sqrammi
sqrammi commented Oct 3, 2015

I am having major issues with npm3 shrinkwrap as well. For one, when I run npm install on a Mac, it installs fsevents into node_modules (even though it is not in package.json), which thus ends up in my npm-shrinkwrap.json, but this cannot be install on Linux, so I have to remove it manually.

@othiym23 othiym23 modified the milestone: next-next-3, 3.x Oct 15, 2015
@markstos

I might I ran into this case, where "npm install" succeeded, but then "npm shrinkwrap --dev" failed with an error about missing dependencies. I blew away node_modules, ran the sequence again, and it worked.

@iarna
Member
iarna commented Oct 22, 2015

I haven't been able to reproduce the issue @fundon and @othiym23 were discussing...

I have been able to reproduce (and fix) the (probably) unrelated issue that @dominykas brought up. That's landing later today with 3.3.10.

@sqrammi Your issue seems to be yet another thing, and not actually a new problem to npm@3. Not that this means we don't want to address the underlying work-flow issue.

@iarna
Member
iarna commented Oct 23, 2015

I was confusing the patch for @dominykas's issue with another, unrelated shrinkwrap PR that did land with 3.3.10. The patch for this issue didn't get a test in under our cut off, so it'll land next week.

I'm going to mark this issue as needs-reproduction and put it back in the 3.x pool, as I've not been able to reproduce the original issue @fundon and @othiym23 described.

@iarna iarna added the repro-please label Oct 23, 2015
@iarna iarna modified the milestone: 3.x, next-3 Oct 23, 2015
@alekstorm

I can reproduce this consistently by running npm install with no npm-shrinkwrap.json or node_modules and the following package.json:

{
  "name": "bluesky",
  "version": "0.0.1",
  "private": true,
  "dependencies": {
    "intern": "=2.2.2"
  }
}

Then, running npm ls gives the following:

uglify-js@2.3.6
  │ │   └── async@0.2.10
  │ ├─┬ js-yaml@3.4.3
  │ │ ├─┬ argparse@1.0.3
  │ │ │ ├── lodash@3.10.1
  │ │ │ └── sprintf-js@1.0.3
  │ │ └── esprima@2.7.0
  │ ├─┬ mkdirp@0.5.1
  │ │ └── minimist@0.0.8
  │ ├── nopt@3.0.4
  │ ├── resolve@0.7.4
  │ ├── which@1.0.9
  │ └── wordwrap@0.0.3
  ├─┬ leadfoot@1.2.1
  │ └── dojo@2.0.0-alpha4
  └─┬ source-map@0.1.33
    └── amdefine@1.0.0

npm ERR! extraneous: chai@1.9.1 /Users/alek/bluesky/node_modules/chai
npm ERR! extraneous: diff@1.1.0 /Users/alek/bluesky/node_modules/diff
npm ERR! extraneous: dojo@2.0.0-dev /Users/alek/bluesky/node_modules/dojo

npm shrinkwrap gives similar errors, so we'll be stuck on npm 2.x until this is fixed. I'm using node 4.1.1 and npm 3.3.12.

@thomblake
Contributor

@iarna @othiym23 Does Alek's comment above give enough info to reproduce?

@thomblake
Contributor

This is blocking our upgrade to npm@3 - is there anything else we can do to help?

@fundon
fundon commented Nov 18, 2015

@iarna @othiym23 It's working on Node 5.0.0 and NPM 3.4.0.

@alekstorm

@fundon @iarna @othiym23 I just tried the above package.json again on Node 5.1.0, NPM 3.4.0, and OS X 10.10.1. Still gives me the exact same error.

@thomblake
Contributor

I can reproduce this after all. I was forgetting to run npm ls. Installing Node 5.1.0 via nvm, then npm 3.4.0 via npm install -g npm@3.4.0. I'm on OS X 10.10.4

@thomblake
Contributor

Here's npm ls -ddd

$ npm -ddd ls
npm info it worked if it ends with ok
npm verb cli [ '/Users/thomblake/.nvm/versions/node/v5.1.0/bin/node',
npm verb cli   '/Users/thomblake/.nvm/versions/node/v5.1.0/bin/npm',
npm verb cli   '-ddd',
npm verb cli   'ls' ]
npm info using npm@3.4.0
npm info using node@v5.1.0
bluesky@0.0.1 /Users/thomblake/test_shrinkwrap
├── chai@1.9.1 extraneous
├── diff@1.1.0 extraneous
├── dojo@2.0.0-dev extraneous
└─┬ intern@2.2.2
  ├─┬ chai@1.9.1 -> /Users/thomblake/test_shrinkwrap/node_modules/chai
  │ ├── assertion-error@1.0.0
  │ └─┬ deep-eql@0.1.3
  │   └── type-detect@0.1.1
  ├── charm@0.2.0
  ├── diff@1.1.0 -> /Users/thomblake/test_shrinkwrap/node_modules/diff
  ├─┬ digdug@1.2.1
  │ ├─┬ decompress@0.2.3
  │ │ ├── adm-zip@0.4.7
  │ │ ├─┬ extname@0.1.5
  │ │ │ ├─┬ ext-list@0.2.0
  │ │ │ │ └─┬ got@0.2.0
  │ │ │ │   └── object-assign@0.3.1
  │ │ │ └── underscore.string@2.3.3
  │ │ ├── get-stdin@0.1.0
  │ │ ├─┬ map-key@0.1.5
  │ │ │ └── lodash@2.4.2
  │ │ ├── mkdirp@0.3.5
  │ │ ├── nopt@2.2.1
  │ │ ├─┬ rimraf@2.4.3
  │ │ │ └─┬ glob@5.0.15
  │ │ │   ├─┬ inflight@1.0.4
  │ │ │   │ └── wrappy@1.0.1
  │ │ │   ├─┬ minimatch@3.0.0
  │ │ │   │ └─┬ brace-expansion@1.1.1
  │ │ │   │   ├── balanced-match@0.2.1
  │ │ │   │   └── concat-map@0.0.1
  │ │ │   ├── once@1.3.2
  │ │ │   └── path-is-absolute@1.0.0
  │ │ ├─┬ stream-combiner@0.0.4
  │ │ │ └── duplexer@0.1.1
  │ │ ├─┬ tar@0.1.20
  │ │ │ ├── block-stream@0.0.8
  │ │ │ ├─┬ fstream@0.1.31
  │ │ │ │ ├── graceful-fs@3.0.8
  │ │ │ │ └── mkdirp@0.5.1
  │ │ │ └── inherits@2.0.1
  │ │ └─┬ tempfile@0.1.3
  │ │   └── uuid@1.4.2
  │ └── dojo@2.0.0-alpha4
  ├── dojo@2.0.0-dev -> /Users/thomblake/test_shrinkwrap/node_modules/dojo
  ├─┬ istanbul@0.2.16
  │ ├── abbrev@1.0.7
  │ ├── async@0.9.2
  │ ├─┬ escodegen@1.3.3
  │ │ ├── esprima@1.1.1
  │ │ ├── estraverse@1.5.1
  │ │ └── esutils@1.0.0
  │ ├── esprima@1.2.5
  │ ├─┬ fileset@0.1.8
  │ │ ├─┬ glob@3.2.11
  │ │ │ └── minimatch@0.3.0
  │ │ └─┬ minimatch@0.4.0
  │ │   ├── lru-cache@2.7.0
  │ │   └── sigmund@1.0.1
  │ ├─┬ handlebars@1.3.0
  │ │ ├── optimist@0.3.7
  │ │ └─┬ uglify-js@2.3.6
  │ │   └── async@0.2.10
  │ ├─┬ js-yaml@3.4.3
  │ │ ├─┬ argparse@1.0.3
  │ │ │ ├── lodash@3.10.1
  │ │ │ └── sprintf-js@1.0.3
  │ │ └── esprima@2.7.0
  │ ├─┬ mkdirp@0.5.1
  │ │ └── minimist@0.0.8
  │ ├── nopt@3.0.6
  │ ├── resolve@0.7.4
  │ ├── which@1.0.9
  │ └── wordwrap@0.0.3
  ├─┬ leadfoot@1.2.1
  │ └── dojo@2.0.0-alpha4
  └─┬ source-map@0.1.33
    └── amdefine@1.0.0

npm ERR! extraneous: chai@1.9.1 /Users/thomblake/test_shrinkwrap/node_modules/chai
npm ERR! extraneous: diff@1.1.0 /Users/thomblake/test_shrinkwrap/node_modules/diff
npm ERR! extraneous: dojo@2.0.0-dev /Users/thomblake/test_shrinkwrap/node_modules/dojo
npm verb exit [ 1, true ]
@thomblake
Contributor

Also interesting - npm prune does nothing

@thomblake
Contributor

Perhaps unsurprisingly at this point, if I go through the deps programmatically using read-installed then nothing is marked as extraneous.

@thomblake
Contributor

I guess that means the problem must be a difference between read-installed and install/mutate-into-logical-tree.js->asReadInstalled

@thomblake
Contributor

So far I've figured out that install/deps.js->addRequiredDep is called where flatNameFromTree(tree) === '/intern' && moduleName(child) === 'chai' and it correctly sets chai's requiredBy and package._requiredBy. Haven't found yet where that gets unset.

@thomblake
Contributor

Inspecting the end of recalculateMetadata it looks like the node for chai under root -> intern -> children has the correct _requiredBy, but the chai under root -> children has the empty array for _requiredBy. I'm uncertain how this information helps.

@thomblake
Contributor

Confusing! If I look on the filesystem at node_modules/chai/package.json, _requiredBy is actually set correctly to [ '/intern' ].

@thomblake
Contributor

Okay, I think I might have it. In recalculateMetadata we call resolveWithExistingModule on each child which eventually sets _requiredBy. But we get the children to call this on using findRequirement which just returns one match, but it looks like the tree has 2 different package objects for chai, so only one of them is updated and the other one ends up looking extraneous.

So the bug is either that there are 2 different instances of the same package on the tree, or that they are not both updated with _requiredBy.

@thomblake thomblake added a commit to thomblake/npm that referenced this issue Nov 19, 2015
@thomblake thomblake Fix the error where top-level flattened dependencies are erroneously …
…marked as extraneous

See #9703
13dcae1
@thomblake thomblake added a commit to thomblake/npm that referenced this issue Nov 19, 2015
@thomblake thomblake Fix the error where top-level flattened dependencies are erroneously …
…marked as extraneous

See #9703
f3ae880
@thomblake
Contributor

I wouldn't want to submit this as a PR because there are multiple issues (for example I'm not checking version) but here's an example of a fix that fixes this. thomblake@f3ae880

@markstos

Thanks for investigating this @thomblake !

@thomblake
Contributor

If I could get a decision from a maintainer about which thing is the bug, I could work on an actual PR, unless someone over there is already working on it. @iarna @othiym23 any thoughts?

@alekstorm

@fundon Are you sure you did npm ls after installing? That's what triggers the bug.

@iarna
Member
iarna commented Dec 3, 2015

@thomblake Having the same module in a single children array would be a problem, if that's what you mean?

But your ls output is weird and I think that's part of what you're seeing:

bluesky@0.0.1 /Users/thomblake/test_shrinkwrap
├── chai@1.9.1 extraneous
├── diff@1.1.0 extraneous
├── dojo@2.0.0-dev extraneous
└─┬ intern@2.2.2
  ├─┬ chai@1.9.1 -> /Users/thomblake/test_shrinkwrap/node_modules/chai
  │ ├── assertion-error@1.0.0
  │ └─┬ deep-eql@0.1.3
  │   └── type-detect@0.1.1
  ├── charm@0.2.0
  ├── diff@1.1.0 -> /Users/thomblake/test_shrinkwrap/node_modules/diff

It looks like all of the extraneous modules are being symlinked to from deeper in the tree? npm itself would never create this layout and I can easily see that confusing things a bit. Do you have any idea how that happened?

@thomblake
Contributor

No idea. This was generated using the really simple steps to reproduce shown above - just asked npm to install one module.

@thomblake
Contributor

So you think this is actually an issue with npm install and not with the code called by npm ls that I referenced above? Note that read-installed (and by extension npm prune) doesn't have this issue.

@iarna
Member
iarna commented Dec 3, 2015

And yup, I've confirmed that intern@2.2.2 symlinks deps into its node_modules folder:

// AMD-loaded dependencies need to exist in Intern's node_modules directory,
// regardless of whether or not they were deduped by npm

So, it's very interesting (and surprising!) to me that intra-node_modules links in npm@2 are NEVER reported as extraneous, regardless of how much duplicates they provide.

@iarna
Member
iarna commented Dec 3, 2015

Fixing this is gonna be a little tricky. I think the answer is, for link-type objects, proxying access to requiredBy and requires to the target (the package is already shared between them).

@thomblake
Contributor

Wow, it didn't occur to me to check whether intern was literally doing that on purpose. Are we sure the correct fix isn't telling intern to knock it off?

@alekstorm

I agree with Thom - what Intern's doing seems absurd.

@iarna Thanks for looking into this - I actually just created a fork of Intern (https://github.com/brightroll/intern/blob/copy-root-deps/support/fixdeps.js) that copies the dependencies to the root node_modules wholesale, rather than symlinking, and still got the "extraneous" error upon doing npm ls. So fixing symlink handling may not be the whole answer.

@iarna
Member
iarna commented Dec 3, 2015

@alekstorm well, copying it means you have two copies in your tree and that's definitely extraneous. The problem is that they have other code that expects stuff to be in their node modules and they don't want to change it. moving the modules would work as long as nothing else requires them. And if something else required them, they wouldn't be flagged extraneous.

I agree though, that they really need a better solution for what they're doing. =/

As weird as all this is, I don't actually want npm@3 to report errors when npm@2 didn't though.

@alekstorm

Ah, of course; don't know what I was thinking. I'll ask them what problem they're trying to solve by doing this; maybe npm could address it somehow.

I'm surprised you're concerned with compatibility, though - although this didn't get a deprecation notice, there are many things that npm@3 broke backwards compatibility with.

@iarna
Member
iarna commented Dec 3, 2015

@alekstorm If it wasn't in the 3.0.0 changelog then we consider it a bug and will eventually restore it to 2.x behavior.

@thomblake
Contributor

@iarna Works for me too!

@thomblake
Contributor

Trying now with our actual repo...

@thomblake
Contributor

Appears to work with our actual repo!

@thomblake
Contributor

Is the fix going into master?

@othiym23
Contributor

Probably not for a little while, @thomblake. @iarna's patch doesn't have tests yet, and it may take a little while to get to the point where any of us have time to write any.

@alekstorm alekstorm referenced this issue in theintern/intern Feb 23, 2016
Closed

Intern breaks shrinkwrap in npm 3.x #586

@phuu
phuu commented Apr 21, 2016

Hey folks. Has any progress been made on this since December?

We have the save issue at Twitter and have found it is (somewhat) fixed by @iarna's branch. It's still rebase-able onto master so I guess the next step is tests?

If it helps, we can provide a reproducing package.json, though it seems like the bug has been identified.

Alternatively: how would you go about testing this? This is blocking us badly enough that we are willing to put some time into a PR, but would really appreciate some pointers to get us going.

Thanks!

@alekstorm

@phuu Is the dependency that triggers the bug Intern? If so, note that Intern was fixed in theintern/intern#589 (with additional discussion in theintern/intern#586).

@phuu
phuu commented Apr 21, 2016

@alekstorm No — in this case it's noptify, via grunt-contrib-watch and tiny-lr.

@zkat zkat removed the needs-repro label May 2, 2016
@iarna iarna self-assigned this Jun 13, 2016
@noahhaon

Any news here? Causing problems for our CI

@zkat zkat modified the milestone: big-bug-backlog, 3.x Aug 11, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment