npm update --save mixes devDependencies into dependencies in package.json #4438

Merged
merged 4 commits into from May 11, 2014

Member

timoxley commented Jan 8, 2014

When you run npm-update --save|--save-dev|--save-optional, all packages that needed updating will magically appear in the section specified by --save|--save-dev|--save-optional, regardless of whether they were originally regular, development or optional dependencies. 👎 .

Example of running npm update --save on a simple package.json with only a development dependency:

Before

{
  "name": "update-save-test",
  "version": "0.5.0",
  "devDependencies": {
    "rimraf": "~2.0.0"
  }
}

After

{
  "name": "update-save-test",
  "version": "0.5.0",
  "devDependencies": {
    "rimraf": "~2.0.0"
  },
  "dependencies": {
    "rimraf": "~2.0.3"
  }
}
Member

timoxley commented Jan 8, 2014

I believe the issue is that update uses outdated to get a list of outdated packages, followed by an install which gets passed this list of outdated packages… BUT outdated indiscriminately mixes development dependencies into its check… and this list is then passed to install, which just behaves as if whatever flag you supplied to the original update (e.g. --save) was passed to it directly.

@timoxley timoxley referenced this pull request Jan 8, 2014

Closed

npm outdated --save #4230

timoxley added a commit to timoxley/npm that referenced this pull request Jan 8, 2014

Member

timoxley commented Jan 8, 2014

I started writing some tests for this, but hock doesn't allow you to hit a mocked url multiple times, and npm apparently needs to hit a tgz url twice during an update.

A manual test procedure until this can be resolved:

{
  "name": "update-save-test",
  "version": "0.5.0",
  "dependencies": {
    "debug": "0"
  },
  "devDependencies": {
    "rimraf": "~2.0.0"
  },
  "optionalDependencies": {
    "underscore": "~1.3.1"
  }
}

Run > npm update --save. Notice only debug updated in the package.json.
Run > npm update --save-dev. Notice only rimraf updated in the package.json.
Run > npm update --save-optional. Notice only underscore updated in the package.json.

Member

timoxley commented Jan 8, 2014

@robertkowalski ahh great, I'll try that out

Member

timoxley commented Jan 10, 2014

@robertkowalski bah, that wipes out the existing routes. npm/npm-registry-mock#10

@domenic domenic added the needs-tests label Feb 8, 2014

Member

timoxley commented Feb 27, 2014

@robertkowalski sweet, I'll resurrect this soon

Member

domenic commented Apr 18, 2014

@timoxley bump

Member

timoxley commented Apr 19, 2014

bump acknowledged

timoxley added some commits Jan 8, 2014

Stop optional deps moving into deps on update --save
This probably undesirable behaviour stems from normalize-package-data:

> The values in optionalDependencies get added to dependencies. The
optionalDependencies array is left untouched.

Solution Caveat: regular dependencies that are also optional (does that
even make sense?) will not be updated with --save because there's no
way to detect which optional dependencies aren't also regular
dependencies – we just avoid updating anything optional during --save.
Member

timoxley commented May 10, 2014

@robertkowalski @domenic this appears to be ready to go, review appreciated.

Member

timoxley commented May 10, 2014

weird, that build reported failed initially, for a seemingly unrelated test: https://app.wercker.com/#buildstep/536e9a2d3cca802507164027

Does Wercker do a best-of-three or something?

Owner

ceejbot commented May 10, 2014

The Travis build is succeeding but the Wercker build is failing. I'll nuke Wercker from the repo; it's never succeeded with a single test because of configuration differences from Travis.

@domenic domenic merged commit 65f4cb3 into npm:master May 11, 2014

1 of 2 checks passed

continuous-integration/wercker Build finished
continuous-integration/travis-ci The Travis CI build passed
Member

domenic commented May 11, 2014

Very nice, glad we finally got this merged.

WishCow commented Dec 20, 2015

I experience this again (or still? not sure) with npm version 3.5.2:

git clone project
cd project
npm install
npm update --dev --save

Then git status reports that my dependencies array now contains all my devdependencies too.
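
An added example, not part of the thread and not npm's implementation: a JavaScript sketch of the section-aware filtering that the manual test procedure above expects from npm update --save, --save-dev and --save-optional, including the commit message's caveat about optional dependencies, plus a check for the cross-listed symptom shown in the "After" manifest. The function names, the outdated list and the normalized manifest are assumptions constructed for illustration.

```javascript
// Added example, not npm's code. AFTER_BUG is the "After" manifest from this
// thread; NORMALIZED is constructed per the normalize-package-data quote.
const SECTION_FOR_FLAG = {
  '--save': 'dependencies',
  '--save-dev': 'devDependencies',
  '--save-optional': 'optionalDependencies',
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj || {}, key);

// Outdated names that may be written back to package.json for a given flag.
function namesToSave(pkg, outdated, flag) {
  const section = SECTION_FOR_FLAG[flag];
  if (!section) throw new Error('unknown save flag: ' + flag);
  return outdated.filter((name) => {
    if (!has(pkg[section], name)) return false; // not declared in the target section
    // Commit-message caveat: under --save, anything optional is skipped, because
    // normalization has already copied optional deps into dependencies.
    return !(flag === '--save' && has(pkg.optionalDependencies, name));
  });
}

// Symptom check: packages declared in more than one section.
function crossListed(pkg) {
  const seen = {};
  for (const section of Object.values(SECTION_FOR_FLAG)) {
    for (const name of Object.keys(pkg[section] || {})) {
      (seen[name] = seen[name] || []).push(section);
    }
  }
  return Object.fromEntries(Object.entries(seen).filter(([, s]) => s.length > 1));
}

const NORMALIZED = {
  dependencies: { debug: '0', underscore: '~1.3.1' },
  devDependencies: { rimraf: '~2.0.0' },
  optionalDependencies: { underscore: '~1.3.1' },
};
const AFTER_BUG = {
  devDependencies: { rimraf: '~2.0.0' },
  dependencies: { rimraf: '~2.0.3' },
};
const OUTDATED = ['debug', 'rimraf', 'underscore']; // constructed outdated list

for (const flag of Object.keys(SECTION_FOR_FLAG)) {
  console.log(flag, namesToSave(NORMALIZED, OUTDATED, flag));
}
console.log(crossListed(AFTER_BUG));
```

Running crossListed over a committed package.json in CI flags the drift WishCow describes before it reaches a production install.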
