npm
[BUG] npm update not respecting overrides in a workspace
Is there an existing issue for this?
- [x] I have searched the existing issues
This issue exists in the latest npm version
- [x] I am using the latest npm
Current Behavior
Unlike npm install, npm update is not respecting overrides in a workspace.
Expected Behavior
Expecting npm update to respect overrides the same way npm install does.
Steps To Reproduce
package.json
{
"workspaces": [
"alpha"
],
"overrides": {
"react-strict-dom": {
"react": "^19.1.0",
"react-dom": "^19.1.0"
}
}
}
alpha/package.json
{
"name": "alpha",
"version": "0.0.0",
"peerDependencies": {
"react": "^19.1.0",
"react-dom": "^19.1.0",
"react-native": "^0.79.1",
"react-strict-dom": "^0.0.34"
}
}
$ npm install
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
added 323 packages, and audited 325 packages in 10s
20 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
$ npm update
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/react
npm error peer react@"^19.1.0" from [email protected]
npm error alpha
npm error [email protected]
npm error node_modules/alpha
npm error workspace alpha from the root project
npm error peer react@"^19.1.0" from [email protected]
npm error node_modules/react-dom
npm error peer react-dom@"^19.1.0" from [email protected]
npm error alpha
npm error [email protected]
npm error node_modules/alpha
npm error workspace alpha from the root project
npm error 1 more (react-native)
npm error
npm error Could not resolve dependency:
npm error peer react@"^18.2.0" from [email protected]
npm error node_modules/react-strict-dom
npm error peer react-strict-dom@"^0.0.34" from [email protected]
npm error alpha
npm error [email protected]
npm error node_modules/alpha
npm error workspace alpha from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /Users/user/.npm/_logs/2025-04-25T22_13_08_681Z-eresolve-report.txt
npm error A complete log of this run can be found in: /Users/user/.npm/_logs/2025-04-25T22_13_08_681Z-debug-0.log
2025-04-25T22_13_08_681Z-debug-0.log 2025-04-25T22_13_08_681Z-eresolve-report.txt
Compared to when not using a workspace, overrides works fine:
{
"name": "alpha",
"version": "0.0.0",
"peerDependencies": {
"react": "^19.1.0",
"react-dom": "^19.1.0",
"react-native": "^0.79.1",
"react-strict-dom": "^0.0.34"
},
"overrides": {
"react-strict-dom": {
"react": "^19.1.0",
"react-dom": "^19.1.0"
}
}
}
$ npm install
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
added 322 packages, and audited 323 packages in 3s
20 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
$ npm update
up to date, audited 323 packages in 1s
20 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
Environment
- npm: 11.3.0
- Node.js: v23.11.0
- OS Name: macOS
- System Model Name: MBP M1
- npm config:
; "user" config from /Users/user/.npmrc
update-notifier = false
; node bin location = /Users/user/Library/Application Support/fnm/node-versions/v23.11.0/installation/bin/node
; node version = v23.11.0
; npm local prefix = /Users/user
; npm version = 11.3.0
; cwd = /Users/user
; HOME = /Users/user
; Run `npm config ls -l` to show all defaults.
Not sure if related, but looks like #applyRootOverridesToWorkspaces never gets called when doing an update of all packages (when this[_updateAll] is true).
https://github.com/npm/cli/blob/a96d8f6295886c219076178460718837d2fe45d6/workspaces/arborist/lib/arborist/build-ideal-tree.js#L286-L298
Adding an argument for a package to update does call that method, but a "could not resolve" error still happens.
Another possible hint, on the Node class the updateOverridesEdgeInAdded method is called with undefined for child packages like @react-native/virtualized-lists but in non-monorepo it would be OverrideSet.
I suspect the property isn't getting propagated down into the workspace packages, but it is too complex to debug.
I was happy to see the override fix: https://github.com/npm/cli/issues/5850
But for this reason I can't benefit from it yet....
In my case, reproduced on windows11 (on Windows native and Ubuntu with WSL2 both). Both have npm 11.3.0 and node v22.15.0.
