cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

Same npx command called by postinstall of 2 or more deps causes corruption

Open nealeu opened this issue 3 years ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

We have periodic npx failures which had been difficult to track down, but having got into our CI containers we've discovered that npm ci is triggering parallel execution of postinstall scripts of our dependencies, some of which are using the same dependency via npx.

The result is often reports of corrupted archives files or a missing entry in the bin/ folder relating to the npx command.

The solution is probably to extract archives to a .new directory and then rename it when fully extracted and configured.

Expected Behavior

Shouldn't fail.

Steps To Reproduce

From the logs:

4209 info run @springernature/[email protected] postinstall node_modules/@springernature/springernature-user-details
4206 timing build:link Completed in 16ms
4207 info run @springernature/[email protected] postinstall node_modules/@springernature/global-autocomplete npm_config_reg
istry=https://registry.npmjs.org/ npx @springernature/[email protected] -p @springernature/[email protected] -v 4.
2.2 4.3.0 4.3.1 4.3.2
4208 info run @springernature/[email protected] postinstall node_modules/@springernature/springernature-header npm_config
_registry=https://registry.npmjs.org/ npx @springernature/[email protected] -p @springernature/[email protected]
 -v 10.0.0 10.0.1 10.0.2 10.0.3 10.0.4 10.1.0 10.1.1 10.1.2 10.1.3

Environment

  • npm: 8.12.1
  • Node.js: 16.14.0
  • OS Name: Linux
  • npm config:
; "user" config from /home/neale/.npmrc

//npm.pkg.github.com/:_authToken = (protected) 
//registry.npmjs.org/:_authToken = (protected) 

; "env" config from environment

prefix = "/home/neale/.asdf/installs/nodejs/16.14.0/.npm" 

; node bin location = /home/neale/.asdf/installs/nodejs/16.14.0/bin/node
; node version = v16.14.0
; npm local prefix = /home/neale/projects/online-publication-agreements/oasis-mirage
; npm version = 8.12.1

nealeu avatar Jun 09 '22 15:06 nealeu

Our workaround has worked. We've removed 2 of the 3 by updating to versions that add to devDependencies instead of using npx which proves out the parallel issue.

nealeu avatar Jun 13 '22 09:06 nealeu