Cli: [BUG] npm install can potentially delete .git directory

Created on 7 Aug 2020  路  5Comments  路  Source: npm/cli

This behavior is only reproducible with a specific version of resolve, but it is only reproducible on npm 7. I'm pretty sure the deletion of the .git folder is an unfortunate side effect of a missing dependency causing unexpected behavior in safe-publish-latest. This behavior is happening independent of --legacy-peer-deps

Current Behavior:

npm install fails with the error Error: Cannot find module 'camelcase', bails, and the .git folder is deleted

Expected Behavior:

Modules to be installed and .git folder to not be affected.

Steps To Reproduce:

This will permanently damage the repo so please do it in a fresh install

$ git clone https://github.com/browserify/resolve.git
$ cd resolve
$ git checkout v1.17.0
$ npm install

Environment:

OSX 10.15.6
Node.js v14.6.0
npm v7.0.0-beta.2

Bug Needs Triage Release 7.x

Most helpful comment

Ooh, this is a fun one. Note that it only happens if the folder is named resolve.

For some reason, it's trying to reify the published resolve version over the root node of the project. That's not supposed to happen :)

All 5 comments

for the record, safe-publish-latest has a dep on yargs 7, which depends on camelcase.

A couple notes before I vanish for the weekend. This bug is unrelated to any of the scripts being run by the package and with a bit of poking I've managed to find even stranger behavior... npm seems to be bringing folder back FROM THE DEAD

$ git clone https://github.com/browserify/resolve.git
$ cd resolve
$ git checkout v1.17.0
$ rm -rf .git
$ rm -rf test/
$ rm -rf examples/
$ git init
$ git add .
$ git commit -m "Seriously wat"
$ npm install

You will notice that not only is the .git folder blown away, but test/ and examples/ is restored... something I can't for the life of me figure out how or why is happening.

Ooh, this is a fun one. Note that it only happens if the folder is named resolve.

For some reason, it's trying to reify the published resolve version over the root node of the project. That's not supposed to happen :)

Fixed in beta branch. 5fb217701c060e37a3fb4a2e985f80fb015157b9

Was this page helpful?
0 / 5 - 0 ratings

Related issues

millerick picture millerick  路  3Comments

ahuglajbclajep picture ahuglajbclajep  路  3Comments

jaydenseric picture jaydenseric  路  3Comments

zypA13510 picture zypA13510  路  4Comments

goldingdamien picture goldingdamien  路  4Comments