Cli: [BUG] npm update --depth breaks dependencies
What / Why
NPM reports unmet dependency after performing a recursive/deep update
When
- After running
npm --depth 9999 update
Where
- n/a
How
Current Behavior
- After update,
npm lsreports a lot of missing/unmet dependencies, for example:
โโโฌ @semantic-release/[email protected] โ โโโ @semantic-release/[email protected] deduped โ โโโ [email protected] deduped โ โโโฌ [email protected] โ โ โโโ [email protected] โ โโโฌ UNMET DEPENDENCY [email protected]
npm ERR! missing: [email protected], required by @semantic-release/[email protected]
Steps to Reproduce
- Create a folder locally and run
npm init - Install a package with more than one level of dependencies, e.g.
npm i -D @semantic-release/exec - Wait for one of their deep dependencies to get a newer version
- Run
npm --depth 9999 update
Expected Behavior
- There shouldn't be any unmet dependencies. Updates are performed according to the
package.jsonfile of their parent or anynpm-shrinkwrap.jsonof their ancestor. - In another word, it should act as if there is no
package-lock.jsonand proceed to resolve all dependencies, install/update/remove as necessary, and then update the lockfile with the resolved tree.
Who
- n/a
References
- n/a
zypA13510
All 4 comments
Looks like I've prepared duplicated issue
What / Why
Command npm update --depth <number> loses dev: true for updated devDependencies dependencies.
When
- Whenever I use
npm update --depth <number>for packages with not fresh devDependencies dependencies
Where
- npm public registry
How
Current Behavior
It loses dev: true for updated devDependencies dependencies
Steps to Reproduce
- Take this repo https://github.com/pahan35/npm-bugs
- Checkout branch
loses-dev-for-dev-deps - Run
npm i - Run
npm update --depth 7
Expected Behavior
I expect that this action should keep dev: true for updated devDependencies dependencies
References
Possibly related to #944
pahan35
on 25 Feb 2020
I'm also experiencing that npm update forgets the dev flag for the dependencies when --depth is greater than 0. Maybe it is not necessary for lower depth?
tflori
on 18 Mar 2020
I found out that the dev flag is restored after reinstalling the node modules (rm -rf node_modules; npm install)
tflori
on 18 Mar 2020
I see the same issue of loosing the dev flag after using npm update --depth but only for dev dependencies of my project which are real dependencies at an other dependency.
In my case an other dependency adds "@types/node" as dependency but at my project has it as dev dependency:
package.json of dependency "a":
{
name: "a",
dependencies: {
"@types/node": ">=5.10"
}
}
my project:
{
dependencies: {
"a": "1.0.0"
},
devDependencies: {
"@types/node": "^12.0.0",
"somethingElse": "1.0.0"
}
}
after npm update --depth=99 the dev flag is ok for somethingElse but it is wrong for @type/node
edit: npm install seems to store the @types/node as dev dependency at the root + as dependency at nested node_module at component "a".
npm update installes it only once as dependency at root
Ulrikop
on 28 Aug 2020
Related issues
theADAMJR
ยท
3Comments
Cohen-Carlisle
ยท
4Comments
CliffS
ยท
3Comments
OnkelTem
ยท
4Comments
darcyclarke
ยท
3Comments
Most helpful comment
Looks like I've prepared duplicated issue
What / Why
Command
npm update --depth <number>losesdev: truefor updated devDependencies dependencies.When
npm update --depth <number>for packages with not fresh devDependencies dependenciesWhere
How
Current Behavior
It loses
dev: truefor updated devDependencies dependenciesSteps to Reproduce
loses-dev-for-dev-depsnpm inpm update --depth 7Expected Behavior
I expect that this action should keep
dev: truefor updated devDependencies dependenciesReferences
Possibly related to #944