cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] `npm outdated --json` doesn't provide distinct workspace packages information

Open apexskier opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

npm outdated --json dependent field contains a non-identifying string for the package. It can't be used to uniquely identify a local workspace it's referring to. Without --json, you can determine, but I don't want to rely on that for parsing.

Expected Behavior

I'd expect --json's dependent field to contain something I can use to uniquely identify the package, whether it a sub-package in the local workspace, the main package, or something on the registry.

Steps To Reproduce

  1. Clone https://github.com/apexskier/npm-outdated-bug-repro
  2. Run npm outdated –json.

You'll see the output:

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

Now imagine one of those eslint installs was up to date. Which package is it actually for?

I'd expect to see:

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "./a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "./nest/a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

or

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "nested-a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

Environment

  • npm: 10.8.2
  • Node.js: v22.3.0
  • OS Name: macOS
  • System Model Name: 14.5 (23F79)
  • npm config:
; "builtin" config from /opt/homebrew/lib/node_modules/npm/npmrc

prefix = "/opt/homebrew"

; "user" config from /Users/cameronlittle/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; node bin location = /opt/homebrew/Cellar/node/22.3.0/bin/node
; node version = v22.3.0
; npm local prefix = /Users/cameronlittle/Developer/test
; npm version = 10.8.2
; cwd = /Users/cameronlittle/Developer/test
; HOME = /Users/cameronlittle
; Run `npm config ls -l` to show all defaults.

apexskier avatar Aug 20 '24 05:08 apexskier

Additionally, the root package's "dependent" is the name of its folder, which is a little odd. This shows in the human readable output as well (without --json). This'll have the same ambiguity if a sub-folder with the same name is used as a sub-package.

apexskier avatar Aug 20 '24 05:08 apexskier