Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Install produces different package-lock.json on Linux and macOS #1360

Closed
jliuhtonen opened this issue May 29, 2020 · 6 comments
Closed
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release

Comments

@jliuhtonen
Copy link

What / Why

Installing certain (combination of?) dependencies on Linux and macOS can result in a different package-lock.json with npm v6.14.4 depending on the underlying platform. As expected, using --force flag produces identical lockfile, but tries installing packages for wrong platform.

When

  • When npm install is run without existing lockfile or node_modules directory

Where

  • npm install

How

Current Behavior

Diff between lockfiles on Linux and macOS when installing webpack@4.43.0:

--- linux/package-lock.json	2020-05-29 21:03:52.000000000 +0300
+++ macos/package-lock.json	2020-05-29 21:02:39.000000000 +0300
@@ -358,10 +358,19 @@
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.0.0.tgz",
       "integrity": "sha512-Phlt0plgpIIBOGTT/ehfFnbNlfsDEiqmzE2KRXoX1bLIlir4X/MR+zSyBEkL05ffWgnRSf/DXv+WrUAVr93/ow==",
       "optional": true
     },
+    "bindings": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
+      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
+      "optional": true,
+      "requires": {
+        "file-uri-to-path": "1.0.0"
+      }
+    },
     "bluebird": {
       "version": "3.7.2",
       "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz",
       "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg=="
     },
@@ -1110,10 +1119,16 @@
     "figgy-pudding": {
       "version": "3.5.2",
       "resolved": "https://registry.npmjs.org/figgy-pudding/-/figgy-pudding-3.5.2.tgz",
       "integrity": "sha512-0btnI/H8f2pavGMN8w40mlSKOfTK2SVJmBfBeVIj3kNw0swwgzyRq0d5TJVOwodFmtvpPeWPN/MCcfuWF0Ezbw=="
     },
+    "file-uri-to-path": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
+      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
+      "optional": true
+    },
     "fill-range": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz",
       "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=",
       "requires": {
@@ -1698,10 +1713,16 @@
     "ms": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
+    "nan": {
+      "version": "2.14.1",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz",
+      "integrity": "sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw==",
+      "optional": true
+    },
     "nanomatch": {
       "version": "1.2.13",
       "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz",
       "integrity": "sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==",
       "requires": {
@@ -2727,11 +2748,15 @@
         },
         "fsevents": {
           "version": "1.2.13",
           "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz",
           "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==",
-          "optional": true
+          "optional": true,
+          "requires": {
+            "bindings": "^1.5.0",
+            "nan": "^2.12.1"
+          }
         },
         "glob-parent": {
           "version": "3.1.0",
           "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz",
           "integrity": "sha1-nmr2KZ2NO9K9QEMIMr0RPfkGxa4=",

Steps to Reproduce

  • Install Node 12.17 and npm 6.14.4 on Linux and macOS hosts respectively
  • Create package.json as follows:
{
  "name": "my-package",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "webpack": "4.43.0"
  }
}
  • Run npm install on both hosts
  • Lockfiles are different
  • Delete lockfiles and node_modules directory on both hosts
  • Run npm install -f on both hosts
  • Lockfiles are identical this time

Expected Behavior

  • Lockfile should be platform independent and have the same result given the same package.json regardless of what software actually gets installed on the underlying platform.

Who

  • n/a

References

  • n/a
@jliuhtonen
Copy link
Author

jliuhtonen commented May 31, 2020

Interestingly enough, depending just on the dependency that requires the problematic fsevents@^1.2.7 that resolves to fsevents@1.2.13 package, and the root dependency being chokidar@2.1.8, the lockfiles are identical and the optional dependencies show up correctly on Linux as well.

To make it explicit, this is the package.json that produces same lockfile on both platforms:

{
  "name": "my-package",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "chokidar": "2.1.8"
  }
}

webpack@4.43.0 depends on chokidar@^3.4.0 -> chokidar@3.4.0 and also on watchpack-chokidar2@^2.0.0 -> watchpack-chokidar2@2.0.0 and watchpack-chokidar@2.0.0 depends on chokidar@^2.1.8 -> chokidar@2.1.8. Different chokidar-versions again depend on different versions of fsevents them being fsevents@^1.2.7 -> fsevents@1.2.13 and fsevents@~2.1.2 -> fsevents@2.1.3.

@jrjohnson
Copy link

We're seeing this as well.
Running rm package-lock.json node_modules; npm install on OSX and on Linux at the exact same time produce different lock files. Specifically nan is not included in the linux version.

@darcyclarke darcyclarke added Release 6.x work is associated with a specific npm 6 release Bug thing that needs fixing labels Oct 30, 2020
@Primajin
Copy link
Contributor

Yeah we see either nan and or bindings and or file-uri-to-path popping up on mac.
Not on Linux or on Windows.
node 14 with latest npm 6

@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

@paulrutter
Copy link

Although this issue is closed, we encountered the same issue on NPM 8.3.1.
In our situation it was caused by a dev dependency mocha, which has a dependency on chokidar, which has a dependency on fsevents.

The lock file was generated on Windows, causing fsevents not to be part of the resulting lockfile.

We circumvented this by adding chokidar as dependency explicitly (npm i chokidar@3.5.3 --save-dev).
That results in the same lockfile on Windows and Mac.

@Primajin
Copy link
Contributor

@paulrutter you can also consider using optionalDependencies - that worked well for us between operation systems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release
Projects
None yet
Development

No branches or pull requests

5 participants