angular-cli icon indicating copy to clipboard operation
angular-cli copied to clipboard
verified publisher icon angular

ng update adds a fake dependency/package

Open ChrisMBarr opened this issue 7 months ago • 9 comments

Command

update

Is this a regression?

  • [ ] Yes, this behavior used to work in the previous version

The previous version in which this bug was not present was

No response

Description

I have a monorepo with several angular apps, and I added an NPM script to run ng update for me. I made a script on the root monorepo level to run the script on all of the child applications. When I do this, it always seems to ADD a fake dependency to each of the app package.json files which is the name of that project

Minimal Reproduction

On the root level package I have this NPM script

"update-angular-apps": "npm run update-angular --prefix ./app-1 && npm run update-angular --prefix ./app-2 && npm run update-angular --prefix ./app-3",

And here is what the individual app package files look like

{
  "name": "name-of-app-2",
  "private": true,
  "author": "Me",
  "description": "My App #2",
  "homepage": "https://company.com/app-2",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/redacted/app-2.git"
  },
  "scripts": {
    "ng": "ng",
    "start": "ng serve",
    "build": "ng build",
    "test": "ng test",
    "update-angular": "ng update @angular/cli @angular/core @angular/material --allow-dirty",
    "lint": "ng lint --fix --max-warnings=0",
  },
  "dependencies": {
    "@angular/animations": "^19.2.12",
    "@angular/cdk": "^19.2.17",
    "@angular/common": "^19.2.12",
    "@angular/compiler": "^19.2.12",
    "@angular/core": "^19.2.12",
    "@angular/forms": "^19.2.12",
    "@angular/material": "^19.2.17",
    "@angular/platform-browser": "^19.2.12",
    "@angular/platform-browser-dynamic": "^19.2.12",
    "@angular/router": "^19.2.12",
    "@angular/service-worker": "^19.2.12",
    "zone.js": "^0.15.0"
  },
  "devDependencies": {
    "@angular-devkit/build-angular": "^19.2.13",
    "@angular/cli": "^19.2.13",
    "@angular/compiler-cli": "^19.2.12"
  },
  "peerDependencies": {
    "rxjs": "*",
    "typescript": "*"
  }
}

From the root level I run npm run update-angular-apps and it modifies the package.json files with all the correct updates, and then after a little bit of time it adds a fake package to dependencies as a final step. It is formatted like

"name-of-app-2": "file:"

and I have to manually delete this and re-run npm install on each child application since it does add an entry to the package-lock.json file for this as well

Exception or Error

Your Environment

Angular CLI: 19.2.13
Node: 22.14.0
Package Manager: npm 10.9.1
OS: win32 x64

Angular: 19.2.12
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
... service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.1902.13
@angular-devkit/build-angular     19.2.13
@angular-devkit/core              19.2.13
@angular-devkit/schematics        19.2.13
@angular/cdk                      19.2.17
@angular/cli                      19.2.13
@angular/material                 19.2.17
@angular/material-luxon-adapter   19.2.17
@schematics/angular               19.2.13
zone.js                           0.15.0

Anything else relevant?

The root package does NOT have any Angular packages installed on it, only the child apps have them. I'm not sure if this would matter or not. I mean, the upgrades do all work, it just adds some nonsense that I have to remove each time

ChrisMBarr avatar May 22 '25 14:05 ChrisMBarr

I'm sorry, but we can't reproduce the problem following the instructions you provided. Can you setup a minimal repro please?

You can read here why this is needed. A good way to make a minimal repro is to create a new app via ng new repro-app and adding the minimum possible code to show the problem. Then you can push this repository to github and link it here.

This might be related to your directory structure so its really important to get an accurate repro to diagnose this.

alan-agius4 avatar May 23 '25 06:05 alan-agius4

ok, no problem. Here it is: https://github.com/ChrisMBarr/angular-cli-issue-30374-reproduction

You can run npm install and then run the script npm run update-angular-apps and it reproduces this behavior.

Here's a screenshot of the file diff after running this with the fake dependencies added:

Image

ChrisMBarr avatar May 23 '25 13:05 ChrisMBarr

Hi @ChrisMBarr, thanks for the reproduction. Unfortunately, I am seeing unable to replicate this.

Image

alan-agius4 avatar May 26 '25 07:05 alan-agius4

You ran the script from the root level and not from each app, right?

I just downloaded my repo above on my home computer (Mac OS X) and I was not able to reproduce it here either. I am not sure what might be specific about running that command on my work computer. I am running Node 22 on this Mac, but I believe only Node 20 on my work machine, not sure if that would make a difference or not. Do you have any tips on what else I could look for on my work machine to see why this only happens there?

ChrisMBarr avatar May 26 '25 13:05 ChrisMBarr

Back on my work computer and I was wrong, I am also using Node 22 here. Just ran the script to update from 19.2.12 to 19.2.13 and it happened again

ChrisMBarr avatar May 27 '25 14:05 ChrisMBarr

One thing that confuses me a bit is why npm is a patch version behind in that output:

Package Manager: npm 10.9.1

That seems very minor but is weird. From all I can tell (including the release metadata), nodejs 22 should be shipping with npm v10.9.2, not npm v10.9.1.

hybrist avatar May 27 '25 14:05 hybrist

I just ran npm i npm -g and I am now updated to 11.4.1. I didn't realize I was that far behind.

With that, I opened up my linked reproduction repo and ran my update script. It still happens.

Here's what the inside of the package-lock.json file looks like at the top after running this

{
  "name": "app-2",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "app-2",
      "dependencies": {
        "@angular/animations": "19.2.13",
        "@angular/common": "19.2.13",
        "@angular/compiler": "19.2.13",
        "@angular/core": "19.2.13",
        "@angular/forms": "19.2.13",
        "@angular/platform-browser": "19.2.13",
        "@angular/platform-browser-dynamic": "19.2.13",
        "@angular/router": "19.2.13",
        "app-2": "file:",
        "rxjs": "*",
        "tslib": "2.3.0",
        "zone.js": "~0.15.0"
      },
      "devDependencies": {
        "@angular-devkit/build-angular": "19.2.13",
        "@angular/cli": "19.2.13",
        "@angular/compiler-cli": "19.2.13"
      },
      "peerDependencies": {
        "rxjs": "*",
        "typescript": "*"
      }

And then scrolling way down, it adds this:

"node_modules/app-2": {
  "resolved": "",
  "link": true
},

And even more wild... there actually is a folder for this in my node_modules! It appears to just copy the whole app folder into itself

Image

ChrisMBarr avatar May 27 '25 16:05 ChrisMBarr

Hi @ChrisMBarr, I'm not sure what's happening here. I tried replicating the issue on two machines (Linux and Windows), but I wasn't able to reproduce what you're experiencing.

alan-agius4 avatar Jun 02 '25 08:06 alan-agius4

@alan-agius4 I'm not sure either. I was also not able to reproduce this on my personal Mac machine, but this is still happening on my work Windows machine.

We are about to move to angular 20. I need to see if this still happens after that upgrade. I also need to see if this happens with any of my coworkers of if it really is just my machine

ChrisMBarr avatar Jun 02 '25 12:06 ChrisMBarr

@ChrisMBarr, have you checked with your coworkers to see if they can replicate this issue? Unfortunately, we were unable to reproduce it on either Linux or Windows machines.

alan-agius4 avatar Jun 23 '25 08:06 alan-agius4

@alan-agius4 I just asked them to pull down the repo and try it, and it happened to him as well. He sent me this screenshot

Image

ChrisMBarr avatar Jun 25 '25 14:06 ChrisMBarr

I had a similar issue with multiple angular repos, but it turns out the bug was actually caused by a VSCode extension.

My issue was caused by Red Hat Dependency Analytics, it should be fixed in version 0.9.6.

Github issue

RichardKestra avatar Sep 23 '25 02:09 RichardKestra

Strange, because I do not have that plugin and I was able to reproduce this from the CLI without having VSCode open at all. Just using Powershell made this happen for me

ChrisMBarr avatar Sep 24 '25 12:09 ChrisMBarr

I'm sorry, but we can't reproduce the problem following the instructions you provided. Remember that we have a large number of issues to resolve, and have only a limited amount of time to reproduce your issue. Short, explicit instructions make it much more likely we'll be able to reproduce the problem so we can fix it.

If the problem persists, please open a new issue following our submission guidelines.

A good way to make a minimal repro is to create a new app via ng new repro-app and add the minimum possible code to show the problem. Then you can push this repository to github and link it here.

alan-agius4 avatar Oct 20 '25 13:10 alan-agius4

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

angular-automatic-lock-bot[bot] avatar Nov 20 '25 00:11 angular-automatic-lock-bot[bot]