cli
cli copied to clipboard
npm
[BUG] npm possibly installs wrong dependencies
Is there an existing issue for this?
- [X] I have searched the existing issues
This issue exists in the latest npm version
- [X] I am using the latest npm
Current Behavior
Based on the discussion with the maintainer of the typescript-eslint project in the SR https://github.com/typescript-eslint/typescript-eslint/issues/8732, npm 10.5.0 wrongly resolves a dependency.
If you check the version listed in ./node_modules/@typescript-eslint/utils/package.json it should be v7 If it's v5 then double check ./node_modules/typescript-eslint - it should contain its own ./node_modules/@typescript-eslint/utils which is v7. If you don't have a v7 version of the utils package - then that's the cause - npm is doing the wrong thing.
Expected Behavior
No response
Steps To Reproduce
Install:
{
"name": "test",
"type": "commonjs",
"devDependencies": {
"@eslint/js": "8.57.0",
"cross-env": "7.0.3",
"eslint": "8.57.0",
"eslint-plugin-jest": "27.9.0",
"typescript": "5.4.2",
"typescript-eslint": "7.3.1"
}
}
Environment
- npm: 10.5.0
- Node.js: 20.11.0
- OS Name: macOS
- System Model Name: Macbook Pro
- npm config:
//registry.npmjs.org/:_authToken = (protected)
audit = false
fund = false
@doberkofler I tried to replicate the issue and ran npm ls @typescript-eslint/utils which appears to be correct and looks like it's not a problem with npm.
└─┬ [email protected]
├─┬ @typescript-eslint/[email protected]
│ ├─┬ @typescript-eslint/[email protected]
│ │ └── @typescript-eslint/[email protected]
│ └── @typescript-eslint/[email protected]
└── @typescript-eslint/[email protected]
What you've got is the following:
-
[email protected]has a dependency on@typescript-eslint/[email protected] -
[email protected]has a peer dependency on@typescript-eslint/eslint-plugin@^7.0.0 -
[email protected]has a dependency on@typescript-eslint/utils@^5.10.0 -
@typescript-eslint/[email protected]has a dependency on@typescript-eslint/[email protected] -
@typescript-eslint/[email protected]has a dependency on@typescript-eslint/[email protected] -
@typescript-eslint/[email protected]has a dependency on@typescript-eslint/[email protected]
So we can see that @typescript-eslint/[email protected] is depended on twice and `@typescript-eslint/utils@^5.10.0 is depended on once.
So I would expect an install that looks like this:
-
node_modules-
@typescript-eslint/[email protected] -
@typescript-eslint/[email protected] -
[email protected] -
[email protected]-
@typescript-eslint/[email protected]
-
-
I.e. Npm installs the most commonly depended on version at the root to have the smallest install.
But instead you get this install:
-
node_modules-
@typescript-eslint/[email protected]-
@typescript-eslint/[email protected]
-
-
@typescript-eslint/[email protected]-
@typescript-eslint/[email protected]
-
-
@typescript-eslint/[email protected] -
[email protected] -
[email protected]
-
I.e. Npm has installed a the lest commonly depended on version at the root and has the largest install.
This seems like incorrect behaviour - npm is preferring the install with most duplication by default.
For comparison:
- [email protected] installs the second, deduplicated install
- [email protected] (with
nodeLinker: node-modules) installs the second, deduplicated install - [email protected]
- with
node-linker=hoisted- installs the second, deduplicated install - with
node-linker=isolated- installs the first, duplicated install
- with
