Gar

[body-parser](https://github.com/gatsbyjs/gatsby/blob/be577c10af0a8612819f8e4d729886229ad72e03/packages/gatsby/package.json#L55) also has a [high severity alert](https://github.com/advisories/GHSA-qwcr-r2fm-qrc7) associated with it. The issue for [webpack-dev-middleware](https://github.com/gatsbyjs/gatsby/issues/38920) has also been untriaged since April.

Looks like dependabot PRs are flowing once again which is a good sign! - body-parser: https://github.com/gatsbyjs/gatsby/pull/39097 - path-to-regexp: https://github.com/gatsbyjs/gatsby/pull/39096 - webpack-dev-middleware https://github.com/gatsbyjs/gatsby/pull/39106

https://github.com/npm/git/commit/8f2ce0459744719458201f42aa51bce02ad0c003

I don't think ignoring this error is the right solution. npm will think install succeeded but the tree will not be valid.

Can you show the output of `npm config ls`, it looks like there is a scoped registry setting that `npm pack` is missing that `npm install` is picking up.

Looking good so far, I'll defer to @lukekarrys for the final review since they started it in https://github.com/npm/ini/pull/246. This probably will not be looked at till next week at the...

This needs a test. It's one thing to say the code can get into this situation, it's another to know why and show it in tests.

If I'm understanding this PR correctly, when npm encounters an invalid tree (i.e. an incomplete linking) it will now ignore it? I don't know if this is what we want....

Is there any overlap here with https://github.com/npm/cli/pull/7588?

Thanks for your patience on this. I think it's ready to land.