[BUG] npm removes invalid references instead of failing with an error starting in `9.6.6`
Is there an existing issue for this?
- [X] I have searched the existing issues
This issue exists in the latest npm version
- [X] I am using the latest npm
Current Behavior
Starting with npm 9.6.6, if we run `npm install [email protected] --package-lock-only` with a `package.json` containing invalid references, it succeeds and removes the invalid references instead of failing with a validation error like previous versions.
`npm install` fails as expected.
I went over the release notes of 9.6.6 and I could not find any mention about this change in behavior. Was this intentional?
Expected Behavior
In 9.6.5 the same command fails with the error `npm ERR! must provide string spec`
Steps To Reproduce
Reproducer: https://github.com/yeikel/npm-invalid-dependency-removed
Logs: https://github.com/yeikel/npm-invalid-dependency-removed/actions/runs/5994585281/job/16256409062
- `git clone https://github.com/yeikel/npm-invalid-dependency-removed.git`
- `nvm install 18`
- `nvm use 18`
- `npm --version` -> `9.6.7`
- Run `npm install [email protected] --package-lock-only`
Expected: npm should fail with the following error `npm ERR! must provide string spec`
Actual:
- npm succeeds
- npm removes the invalid dependencies from the `package.json`
diff --git a/package.json b/package.json
index fc17427..22a8ea8 100644
--- a/package.json
+++ b/package.json
@@ -1,4 +1,3 @@
-
{
"name": "name",
"version": "1.0.0",
@@ -15,12 +14,6 @@
},
"homepage": "https://github.com/waltfy/PROTO_TEST#readme",
"dependencies": {
- "fetch-factory": "^0.0.1"
- },
- "devDependencies": {
- "etag": "^1.0.0",
- "cordova-plugin-geolocation": {
- "GEOLOCATION_USAGE_DESCRIPTION": "To locate you"
- }
+ "fetch-factory": "^0.0.2"
}
}
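Review bot: The second hunk drops the whole "devDependencies" block, so the valid "etag": "^1.0.0" entry is lost together with the object-valued "cordova-plugin-geolocation" entry, and nothing in the resulting file records that anything was discarded. A manifest rewrite that silently changes the declared dependency set should not happen as a side effect of installing one package; the command should stop with the validation error, or at the very least leave the valid "etag" entry untouched and report the entry it could not parse.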
Environment
- npm: Any after 9.6.5
- Node.js: 18
This would technically be a breaking change for the end user and therefore not in line with the semantic versioning spec.
@wraithgar Do you have any insights about this one? From the release diff, it seems that you are the main contributor of this release
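The silent rewrite reported above can be caught before npm touches the manifest. The following is an added example, not code from the issue or from npm: a Node.js pre-install check that rejects any non-string dependency spec. The function names and the sample manifest are assumptions constructed from the diff lines.

```javascript
// Added example: reject non-string dependency specs before npm rewrites the manifest.
const DEP_SECTIONS = [
  'dependencies',
  'devDependencies',
  'optionalDependencies',
  'peerDependencies',
];

// Return one { section, name, reason } record per entry that is not a string spec.
function findInvalidSpecs(manifest) {
  const problems = [];
  for (const section of DEP_SECTIONS) {
    const deps = manifest[section];
    if (deps === undefined) continue;
    if (deps === null || typeof deps !== 'object' || Array.isArray(deps)) {
      problems.push({ section, name: null, reason: 'section is not an object' });
      continue;
    }
    for (const [name, spec] of Object.entries(deps)) {
      if (typeof spec === 'string') continue;
      const kind = spec === null ? 'null' : Array.isArray(spec) ? 'array' : typeof spec;
      problems.push({ section, name, reason: `spec is ${kind}, expected string` });
    }
  }
  return problems;
}

// Parse raw package.json text; JSON syntax errors propagate to the caller.
function checkManifestText(text) {
  return findInvalidSpecs(JSON.parse(text));
}

// Constructed sample built from the lines removed in the diff above.
const SAMPLE_PACKAGE_JSON = `{
  "name": "name",
  "version": "1.0.0",
  "dependencies": { "fetch-factory": "^0.0.1" },
  "devDependencies": {
    "etag": "^1.0.0",
    "cordova-plugin-geolocation": { "GEOLOCATION_USAGE_DESCRIPTION": "To locate you" }
  }
}`;

const sampleProblems = checkManifestText(SAMPLE_PACKAGE_JSON);
for (const p of sampleProblems) {
  console.log(`${p.section}${p.name ? '.' + p.name : ''}: ${p.reason}`);
}
console.log(sampleProblems.length ? 'invalid manifest, do not run npm install' : 'manifest ok');
```

Run as a CI step ahead of any `npm install`, a non-empty result is the signal to stop, so the outcome does not depend on which npm version the runner has.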