cli
cli copied to clipboard
npm
[BUG] "loading from incorrect packument" causes silent failure during npm install
Is there an existing issue for this?
- [x] I have searched the existing issues
This issue exists in the latest npm version
- [x] I am using the latest npm
Current Behavior
I've been doing some work with an internal registry with some unusual configuration. I recently noticed that npm install would fail with no indication of what went wrong other than exiting with status code 1:
4985 verbose os Darwin 24.3.0
4986 verbose node v20.18.1
4987 verbose npm v10.8.2
4988 verbose exit 1
4989 verbose code 1
4990 error A complete log of this run can be found in: /Users/trevorbb/.npm/_logs/2025-02-25T20_06_50_716Z-debug-0.log
I eventually found that the install went fine if I used npm install --no-audit. If I ran npm audit, I'd get an error with some more useful information:
67 silly packumentCache corgi:<custom registry URL> set size:4255 disposed:false
68 verbose stack Error: loading from incorrect packument
68 verbose stack at Advisory.load (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/advisory.js:91:27)
68 verbose stack at [calculate] (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/lib/index.js:60:14)
68 verbose stack at async Promise.all (index 0)
68 verbose stack at async [init] (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:188:9)
68 verbose stack at async AuditReport.run (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/audit-report.js:109:7)
68 verbose stack at async Arborist.audit (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/index.js:254:24)
68 verbose stack at async Audit.auditAdvisories (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/lib/commands/audit.js:69:5)
68 verbose stack at async Audit.exec (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/lib/commands/audit.js:49:7)
68 verbose stack at async Npm.exec (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/lib/npm.js:207:9)
68 verbose stack at async module.exports (/Users/trevorbb/.local/share/fnm/node-versions/v20.18.1/installation/lib/node_modules/npm/lib/cli/entry.js:74:5)
Expected Behavior
npm install should emit fatal errors that occur during the audit step.
Steps To Reproduce
This one's tricky to reproduce, since in my case it only occurred because my registry was returning an invalid packument. However, I suspect that the same issue would occur with any thrown error during the audit step of npm install.
Environment
- npm: 10.9.2
- Node.js: 20.18.1
- OS Name: macOS 15.3.1
If I use npm 11 and force this throw to happen I get the message on the cli:
$ node /Users/wraithgar/Development/npm/cli/branches/gar_metavuln-throw i lodash@1
error loading from incorrect packument
error A complete log of this run can be found in: /Users/wraithgar/.npm/_logs/2025-04-24T01_45_10_618Z-debug-0.log
I also get that thrown error in my log file. It's not at the very end of the file however, it's much sooner, right after the audit report. Did you search your log file for Error?
The real issue here is that there is extra data in the thrown error that npm could also be showing in the full log. It will take a little work to add that though, specifically setting a code on those two thrown errors so npm's error-message handler knows to display them.
