-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NPM 9 update in 18.14.0 broke npm ci
with local dependencies
#46542
Comments
@nodejs/npm |
After doing a bit of digging into the actual changes in NPM 9, it seems like major changes occurred to how local dependencies are installed. They are now actually installed rather than symlinked, which I think it the source of this issue. If I run The 18.14.0 release notes claim that this new install-links behaviour wouldn't impact existing projects with a lock file, but that does not seem to be the case.
(This seems to impact all local dependencies, not isolated to peer dependencies [that was just how I encountered it]. I've updated the title and initial report to use a standard dependency for reproduction, not a peer dependency) |
npm ci
with peer dependenciesnpm ci
with local dependencies
Thanks for sharing @MattIPv4. I'm surfacing this to the npm CLI team now and will get back to you soon. |
this new default was unintentionally breaking so we are reverting it as a bug fix, see nodejs/node#46542
thank you for identifying and raising this concern! it seems we had some miscommunication about how this feature would impact existing lock files. in the interest of keeping as many builds as possible from breaking, we plan to ship a patch release of npm today reverting you can follow the patch here: npm/cli#6142 |
this new default was unintentionally breaking so we are reverting it as a bug fix, see nodejs/node#46542
The change also had a side effect on tools that parse the lockfile to pre-cache all dependencies, in order to allow offline-installation (like |
Having the same issue, having a local dependency the dependency gets removed from my |
This is fixed with npm 9.4.0 and higher. Node.js 18.14.2 was just released with npm 9.5.0 |
For future note - please don't change this default. Or at least get the word out and provide an equivalent command. There are a lot of us that rely on the way |
@TotallyInformation fwiw that change impacting projects with an existing package-lock was not intentional. We definitely commit to not breaking |
Can confirm that everything is working for us with version npm 9.4.0 and higher 🙌 |
I think we would all be rather grateful if you didn't break it in major versions either! 😁 Thanks though, I realise how hard it is to maintain something like npm. |
`npm ci` fails on CI with an error message: ``` npm ERR! code EUSAGE npm ERR! npm ERR! `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing. npm ERR! npm ERR! Missing: phoenix@1.7.2 from lock file npm ERR! Missing: phoenix_html@3.3.1 from lock file ``` nodejs/node#46542
`npm ci` fails on CI with an error message: ``` npm ERR! code EUSAGE npm ERR! npm ERR! `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing. npm ERR! npm ERR! Missing: phoenix@1.7.2 from lock file npm ERR! Missing: phoenix_html@3.3.1 from lock file ``` nodejs/node#46542
Version
18.14.0
Platform
Darwin HMTV-Cowley.local 22.2.0 Darwin Kernel Version 22.2.0: Fri Nov 11 02:08:47 PST 2022; root:xnu-8792.61.2~4/RELEASE_X86_64 x86_64
Subsystem
No response
What steps will reproduce the bug?
Creating package
a
:Creating package
b
:Triggering
npm ci
failure:How often does it reproduce? Is there a required condition?
Always
What is the expected behavior?
npm ci
doesn't failWhat do you see instead?
Additional information
No response
The text was updated successfully, but these errors were encountered: