cli
cli copied to clipboard
npm
[BUG] npx does not respect version range if a compatible version is found inside any package installed globally
Is there an existing issue for this?
- [X] I have searched the existing issues
This issue exists in the latest npm version
- [X] I am using the latest npm
Current Behavior
Installed package is used even if the version range does not match.
npm install -g [email protected] [email protected]
npx [email protected] --version
8.3.0
Expected Behavior
The version range should be respected.
npm install -g [email protected]
npx [email protected] --version
8.4.0
Steps To Reproduce
No response
Environment
- npm: 10.7.0
- Node.js: v18.20.2
- OS Name: MacOS
- System Model Name: MacBook Air
- npm config:
; "builtin" config from /opt/homebrew/lib/node_modules/npm/npmrc
prefix = "/opt/homebrew"
; "user" config from /Users/mshima/.npmrc
//registry.npmjs.org/:_authToken = (protected)
; node bin location = /usr/local/bin/node
; node version = v18.20.2
; npm local prefix = /Users/mshima/git/test
; npm version = 10.7.0
; cwd = /Users/mshima/git/test
; HOME = /Users/mshima
; Run `npm config ls -l` to show all defaults.
For me it's showing correct version
~ $ npx [email protected] --version
8.4.0
~ $ npm ls -g
/Users/testing/.nvm/versions/node/v22.0.0/lib
├── [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
% npx -v
10.7.0
% npx [email protected] --version
8.3.0
% npm ls -g
/opt/homebrew/lib
.
├── [email protected]
.
Anything else I could do to debug?
does you cwd has that package installed ?
what does npm ls shows from where you are running the command ?
does you cwd has that package installed ? what does
npm lsshows from where you are running the command ?
It's an empty folder.
% npm ls
/Users/mshima/git/test
└── (empty)
@milaninfy I think a found a way to reproduce:
npm install -g [email protected] generator-jhipster-native@latest
% npx [email protected] --version
8.3.0
If I remove every global package and install the generator-jhipster, it works.
Then if I install generator-jhipster-native that have [email protected] as a dependency, the problem is reproducible.
I've added a console.log in /usr/local/lib/node_modules/npm/node_modules/libnpmexec/lib/index.js:
// package requested by specific version
if (spec.type === 'version' && (node.pkgid === spec.raw)) {
console.log(node)
return { node }
It prints:
% npx [email protected] --version
⠦ArboristNode {
name: 'generator-jhipster',
version: '8.4.0',
location: 'node_modules/generator-jhipster-native/node_modules/generator-jhipster',
path: '/usr/local/lib/node_modules/generator-jhipster-native/node_modules/generator-jhipster',
.
.
.
8.3.0
generator-jhipster inside generator-jhipster-native is found. But the root (8.3.0) is used.
Duplicated in a workspace off of latest
@wraithgar ➜ /workspaces/cli (latest) $ npx [email protected] --version
8.3.0
@wraithgar ➜ /workspaces/cli (latest) $ npm ls -g
/usr/local/share/nvm/versions/node/v20.12.1/lib
├── [email protected]
├── [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
