cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] Aliases of NPM packages are broken when used in dependencies

Open fabiospampinato opened this issue 4 years ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

Dependencies in the following package.json file are not resolved correctly:

{
  "dependencies": {
    "once": "^1.4.0",
    "pikchr-wasm": "^1.0.1"
  }
}

This is installed:

├─┬ [email protected]
│ └── [email protected]
└─┬ [email protected]
  └── [email protected] deduped

Expected Behavior

Notice how the wrong once module got installed for pikchr-wasm, it's dependency tree should look like this:

[email protected]
└── once@npm:@fabiospampinato/[email protected]

I guess the problem is that NPM got confused since I'm using an alias for a module, and that alias is the name of another module that the parent package needs.

Steps To Reproduce

Run npm i on that package.json.

Environment

  • npm: 8.3.0
  • Node: 17.3.0
  • OS: macOS 12.1
  • platform: arm64
  • npm config:
; "user" config from /Users/fabio/.npmrc

//registry.npmjs.org/:_authToken = (protected) 
init.author.email = "[email protected]" 
init.author.name = "Fabio Spampinato" 
package-lock = false 
script-shell = "zsh" 

; node bin location = /Users/fabio/.nvm/versions/node/v16.13.0/bin/node
; cwd = /Users/fabio/Desktop/asd
; HOME = /Users/fabio
; Run `npm config ls -l` to show all defaults.

fabiospampinato avatar Dec 28 '21 01:12 fabiospampinato

I just checked that it reproduces on latest under Node v17 too.

fabiospampinato avatar Dec 28 '21 01:12 fabiospampinato

hi @fabiospampinato thanks for reporting this issue, just to be sure, the problem here is that npm ls is reporting the wrong package name (not following the alias) ? Everything else works fine in the installation?

ruyadorno avatar Jan 27 '22 04:01 ruyadorno

No, npm installed the wrong package. You can check manually what got installed.

fabiospampinato avatar Jan 27 '22 12:01 fabiospampinato

I have the same problem https://github.com/npm/cli/issues/7884, but only if the version numbers of the two dependencies are identical.

  • playwright uses "1.48.2"

    {
  "name": "playwright",
  "version": "1.48.2",
  /* ... */
  "dependencies": {
    "playwright-core": "1.48.2"
  },
  /* ... */
}

  • rebrowser-playwright uses "npm:rebrowser-playwright-core@~1.48.2"

    {
  "name": "rebrowser-playwright",
  "version": "1.48.2",
  /* ... */
  "dependencies": {
    "playwright-core": "npm:rebrowser-playwright-core@~1.48.2"
  },
  /* ... */
}

{
  "name": "testcase",
  "version": "1.0.0",
  "dependencies": {
    "playwright": "1.48.2",
    "rebrowser-playwright": "1.48.2"
  }
}

$ npm list --all
[email protected] /home/regseb/testcase
├─┬ [email protected]
│ └── [email protected]
└─┬ [email protected]
  └── [email protected] deduped 👎

With different versions, packages are not deduplicated:

{
  "name": "testcase",
  "version": "1.0.0",
  "dependencies": {
    "playwright": "1.48.1",
    "rebrowser-playwright": "1.48.2"
  }
}

$ npm list --all
[email protected] /home/regseb/testcase
├─┬ [email protected]
│ └── [email protected]
└─┬ [email protected]
  └── playwright-core@npm:[email protected] 👍

regseb avatar Oct 30 '24 09:10 regseb