cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon npm

[BUG] Dev dependency should not throw “unsupported platform” error when using --production flag on npm install

Open aral opened this issue 4 years ago • 6 comments

Current Behavior:

If you have a module that is not supported on your platform set in the devDependencies object in your package file and you do a production install using the --production flag, the installation fails with an “Unsupported platform” (EBADPLATFORM) error. Since the module should not be installed/used during a production install, it should also not throw an error or otherwise affect the outcome of the installation.

Expected Behavior:

A module that’s declared in devDependencies should not affect the outcome of a production install.

Steps To Reproduce:

  1. Create a module, M, that specifies an OS different to the one you’re currently on in its npm package file. e.g., if you’re on a Mac, specify:
  "os": [
    "win32"
  ]
  1. Create an app, A, that includes module M in its devDependencies. e.g.,
  "devDependencies": {
    "M": "1.0.0"
}
  1. Do a production install on app A:
npm install --production

Note that the installation fails because module M is not supported on your system, even though you’re doing a production build and module M should not be installed or used.

Environment:

  • OS (noticed/reproduced on): macOS Big Sur
  • Node: 14.16.0
  • npm: 7.6.3

aral avatar Mar 23 '21 10:03 aral

Also repros if a devDependency cannot be found. This was a warning in npm v6, but it's an error in npm v7.

package.json

{
  "name": "test",
  "version": "1.0.0",
  "dependencies": {
    "typescript": "^4.2.3"
  },
  "devDependencies": {
    "does-not-exist": "^1.0.0"
  }
}

npm v6

# npm install --prod
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: does-not-exist@^1.0.0 (node_modules/does-not-exist):
npm WARN 404 SKIPPING OPTIONAL DEPENDENCY: Not Found - GET https://registry.npmjs.org/does-not-exist - Not found
npm WARN [email protected] No description
npm WARN [email protected] No repository field.
npm WARN [email protected] No license field.

added 1 package from 1 contributor and audited 1 package in 1.519s
found 0 vulnerabilities

npm v7

# npm install --prod
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/does-not-exist - Not found
npm ERR! 404
npm ERR! 404  'does-not-exist@^1.0.0' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

mikeharder avatar Mar 25 '21 23:03 mikeharder

Is there a NPM config setting that we can change that will make EBADPLATFORM log as a warning and not an error? We don't even have a dependency on fsevents, but other dependencies we use do depend on it and list it as an optional dependency. Why should this be an error, it's optional? All our apps are built on Jenkins on a linux build server, so now we can't build on Linux anymore.

20:06:20 [INFO] Running 'npm install' in /jenkins/workspace/myapp-23.0-nightly/my-apps 20:06:22 [INFO] npm ERR! code EBADPLATFORM 20:06:22 [INFO] npm ERR! notsup Unsupported platform for [email protected]: wanted {"os":"darwin"} (current: {"os":"linux","arch":"x64"}) 20:06:22 [INFO] npm ERR! notsup Valid OS: darwin 20:06:22 [INFO] npm ERR! notsup Valid Arch: undefined 20:06:22 [INFO] npm ERR! notsup Actual OS: linux 20:06:22 [INFO] npm ERR! notsup Actual Arch: x64

danshome avatar Apr 29 '21 01:04 danshome

Running npm install with --legacy-peer-deps on Windows 10 and Linux appears to error out and not complete the install as well.

This happens when fsevents is a optional/dev package and it is a package used on the Mac platform only.

It seems to be a regression since it works on older versions on Node/npm. See https://github.com/storybookjs/storybook/issues/14433 for some info.

spoike avatar Apr 29 '21 08:04 spoike

Going hand-in-hand with the main description and title for this issue, using --omit=optional in the install command does nothing. It doesn't look like that verification step pays attention to the flags at all and just does it across the board, with possible exception to direct dependencies.

There have been some workarounds that I've seen for this behavior, but none that sit super well for me. I do see many issues logged about this problem, though this is the first that I could find on the npm repository itself. If anybody is interested in the workarounds after I've done more testing, let me know.

cwadrupldijjit avatar Jun 03 '21 23:06 cwadrupldijjit

I can reproduce a variant of this with a simple package.json using npm v7.19.1:

{
  "name": "my-package",
  "version": "1.0.0",
  "private": true,
  "devDependencies": {
    "non-existing-package": "*"
  }
}

npm install --production

It fails with:

npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/non-existing-package - Not found
npm ERR! 404 
npm ERR! 404  'non-existing-package@*' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

This is a pain when working with unpublished / private packages.

Why does NPM have to fetch anything about the non-existing-package in this mode? Fixing this seems like a potential for a significant performance boost.

kraenhansen avatar Jul 13 '21 09:07 kraenhansen

Hmmm I see that it's still a problem, even though I add the --omit=dev it still tries to install the devDependency and throws a unsupported platform error

humblewolfstudio avatar May 12 '24 16:05 humblewolfstudio