It's not about being grumpy or denigrating the huge work done by the npm team, but obviously the release of npm5 was not tested enough and the amount of issues is huge… I think it would be better for everyone to bundle npm 4 into node 8, and wait for bugs resolution to embed npm 5. I know it will mess with semver and may not be easy to handle. But the current situation is that most installations with node 8 just fail because of npm. As 8 is supposed to be LTS, which is understood by many users as "very stable", it can cause real production issues.
Reference issue at npm: npm/npm#16991
As 8 is supposed to be LTS
It's not LTS yet.
I agree npm@5 has been more than a little buggy but there is probably no way back in node 8, that would be a major version bump in itself.
npm@5 has been more than a little buggy
Very buggy indeed!
Like Ben said, we can't really do this, so I'll close out the issue.
Hm, this reminds me of another time node politics pushed a lot of users into the crossfire of software they didn't want. Hopefully we don't need a fork to fix this.
Is there any other plan here, other than "don't use node 8 for now because it includes broken dependencies and our hands are tied"?
Or maybe just run npm install -g npm@4
If npm 5 isn't working for you, instead of adding vitriol to a github thread?
Thanks, doin' exactly that! (forked node8 with npm4, current butterzone for us) Hopefully a short lived fork 🙏.
I'm still genuinely interested if there's an official plan other than acknowledgement of the issue (which is better than nothing!).
I'm still genuinely interested if there's an official plan other than acknowledgement of the issue (which is better than nothing!).
I think given that we've released Node 8.x with npm5, and reverting to npm4 would be semver-major, the only option is for people to contribute to the (open source) npm cli project and fix the bugs.
Well, I guess I found out where the devs on my team are accidentally downloading a broken NPM from...
@ljharb -- I think it's a little over the top to label modulesio's comment as vitriol. This is a big deal. I work on a team where not everyone has node / npm-fu, and one of the (former?) great things about the node community has been the dedication to things working without having to do arcane shit, basically a pragmatic angling towards making sure everything works and fits well together.
Is there some way we can make sure that new NPM doesn't make its way into LTS in its current state? AFAIK the issues are significantly worse for windows users, too.
What will the node team do if NPM continues to be borked in the near future? rev node 8 to node 9 and move the NPM dependency backwards?
@cjihrig npm is still broken. It is really a serious problem - especially for newcomers that might not be so familiar with how to do a manual downgrade. I think this problem needs to be taken seriously... If you insist on keeping a broken bundle for node 8, then what about linking to node 7.9 (with npm 4) instead on the homepage for newcomers and naming the current node 8 bundle as beta?
@mmc41 Node.js 7 is no longer supported, no one should be using it. If you need an older Node, install version 6. This version includes npm 3, though.
Node 7 is end-of-life. As previously mentioned, changing to npm 4 would be a breaking change, so it can't land on Node 8. You could ask @jasnell to include npm 4 in the upcoming Node 9 release, but I don't think that is a good idea. You could also try taking your issues with the npm client to the npm issue tracker. Personally, I'd like to see Node offer the choice of installing with yarn.
I'd like to see Node offer the choice of installing with yarn.
Yes, this. I'd like us to be able to remove npm from our source tree and have the installer provide the option of downloading the current version of either client on install.
@jasnell Currently Windows version of Node.js keeps npm in Node's directory; npm --global install npm will install the latest version in a different place (where all global packages lie). This is problematic, causes version precedence problem - by default the built-in npm will still be used, etc.
If latest npm (or Yarn) was going to be downloaded by the installer, it'd be good to resolve this problem or it will become even worse - if latest npm is broken for Windows users, they will have it hard to downgrade to a working version.
@jasnell -- Seems like a perfectly fine solution, but the choice still shouldn't include npm v5 without red bang "This probably won't work" warnings.
@cjihrig -- Why do you think moving to NPM 4 for node 9 is a bad idea? Until NPM 5 is stable (e.g. months given anecdotal projections), newer versions of node have no path to long term support because they're using a fundamentally broken version of NPM.
@mgol why on windows would the npm in npm root -g not be the primary one, just like on Mac/Linux (by having it first in PATH)?
Why do you think moving to NPM 4 for node 9 is a bad idea?
Shipping npm 4 to everyone after already shipping npm 5 in the previous version would be disruptive and confusing. It's much simpler for people having issues to run npm install -g npm@4.
Also, npm no longer supports npm 4; their current policy is to only support latest.
@mgol why on windows would the npm in npm root -g not be the primary one, just like on Mac/Linux (by having it first in PATH)?
Here's an official explanation by npm: https://github.com/npm/npm/wiki/Troubleshooting#upgrading-on-windows. This is so hard there's a separate npm package meant to aid with this process...
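The precedence problem discussed in the comments above (bundled npm in Node's directory versus a globally installed copy elsewhere) can be checked by listing every npm launcher on PATH in lookup order. This is an added example, not part of the thread or of npm/Node.js; the sample paths and the launcher names passed in are assumptions.

```javascript
// Added example, not from the thread. Lists every npm launcher on PATH in
// lookup order: the first hit is what the shell runs, the rest are shadowed.

// Constructed sample of the Windows layout described above (paths are assumptions).
const SAMPLE_PATH =
  'C:\\Windows\\system32;"C:\\Program Files\\nodejs\\";;C:\\Users\\dev\\AppData\\Roaming\\npm';
const SAMPLE_FILES = new Set([
  'C:\\Program Files\\nodejs\\npm.cmd',             // bundled with the Node installer
  'C:\\Users\\dev\\AppData\\Roaming\\npm\\npm.cmd', // from a global npm install
]);

// Pure resolver; `exists` is injected so the logic can be checked offline.
function findLaunchers(pathEnv, delimiter, sep, names, exists) {
  const hits = [];
  const seen = new Set();
  for (const raw of pathEnv.split(delimiter)) {
    const dir = raw.replace(/^"|"$/g, '');   // PATH entries may be quoted
    if (!dir || seen.has(dir)) continue;     // skip empty and repeated entries
    seen.add(dir);
    for (const name of names) {
      const full = dir.endsWith(sep) ? dir + name : dir + sep + name;
      if (exists(full)) { hits.push(full); break; } // one launcher per directory
    }
  }
  return hits;
}

// Split the ordered hits into the copy that wins and the copies it hides.
function report(hits) {
  return { active: hits.length ? hits[0] : null, shadowed: hits.slice(1) };
}

function sampleReport(pathEnv = SAMPLE_PATH) {
  return report(findLaunchers(pathEnv, ';', '\\', ['npm.cmd'], (p) => SAMPLE_FILES.has(p)));
}

// Scan the real environment of the current machine.
async function scanRealPath() {
  const fs = await import('node:fs');
  const win = process.platform === 'win32';
  const names = win ? ['npm.cmd', 'npm.exe', 'npm.bat'] : ['npm'];
  return report(findLaunchers(process.env.PATH || '', win ? ';' : ':',
    win ? '\\' : '/', names, (p) => fs.existsSync(p)));
}

if (process.argv.includes('--scan')) scanRealPath().then((r) => console.log(r));
```

Run with `--scan` to inspect the current machine; a non-empty `shadowed` list means `npm -v` reports a different copy than the one most recently installed globally.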
@cjihrig -- Just so I understand what you're saying:
I think everyone's factually on the same page, but I think some people in this thread are a lot more concerned about shipping something that is "known bad" than they are about some potential for confusion because an older but functional tool is working.
@ljharb -- I hear you, but if the choice is between something that is fundamentally broken and supported and something that is functional and unsupported, the pragmatist in me would win out. Why doesn't NPM follow a "latest stable" convention?
Part of my confusion might be this: Does NPM 5 work on non-windows systems and thus there is a cultural part of this conversation I don't fully understand? Or is it as busted on *nix as it is on Windows?
@brphelps It works fine on non-Windows in my experience; there's still bugs but they're rare and often trivial to fix with rm -rf node_modules.
As a pragmatist I'd think you'd want the choice between something that will continue to get updates if it starts being broken - "functional and unsupported" gets to "irreparably broken" pretty fast.
@mgol while that sounds frustrating, it seems like a windows flaw, and it seems like Microsoft provided a tool to address it. I'm not sure how that problem would be any different in npm 4 or 5.
@jasnell yarn isn't yet feature complete wrt npm; there's a lot of due diligence and bug fixing that would need to be done before its inclusion in the default install would be viable. In theory, of course, a package manager CLI-agnostic node would be ideal.
I'm not suggesting making yarn the default, just updating the installer so that either client may be installed. Then removing the bundled npm from the source tree
I'm not suggesting making yarn the default, just updating the installer so that either client may be installed. Then removing the bundled npm from the source tree
Of course if you were to do this you'd need to make sure there was a way for people who just curl a tarball to get npm (or any other package manager).
Wasn't this discussed at some length recently? I can't remember where the issue was.
@ljharb -- Alright, I think that confirms why there's general resistance then. If this was a cross platform issue I seriously doubt NPM 5 would've been accepted as node's default install as is.
Also,
As a pragmatist I'd think you'd want the choice between something that will continue to get updates if it starts being broken - "functional and unsupported" gets to "irreparably broken" pretty fast.
I'm not sure how you think that applies in this situation. Of course everyone wants to be latest and greatest, but when latest and greatest doesn't prioritize other platforms (e.g. windows), we're kind of screwed. NPM 5 has been pretty much non-functional on windows with projects of any reasonable size. The last version I verified was still fundamentally broken was 5.3, if you're saying 5.4 is not then I will spend another X hours seeing what known issues cause my installs to fail.
Kind of frustrating in general that because platform A works with latest we're letting platform B's default experience suffer. Doesn't really seem culturally "great".
@jasnell yes, i'm saying if it's even an option on the official install path then it should have to meet a certain feature bar.
@brphelps i empathize with your frustration there. Ideally the npm team would address these problems ASAP; I can't speak for them, but I certainly hope their roadmap can accommodate it.
@brphelps - Re "Does NPM 5 work on non-windows systems?" - As a data point - npm@5 has (at least up to 5.3.0) several show-stoppers running in Docker for CI (see e.g. https://github.com/npm/npm/issues/16807, https://github.com/npm/npm/issues/17658, https://github.com/npm/npm/issues/17301) which forced us to abandon it in favour of 4.6.1 and yarn.
Given they're still not resolved AFAIK, and the habit of bug reports being auto-closed before being triaged (e.g. the last example above), we're unlikely to be going back to npm now, FWIW.
@cjihrig shipping something that does not work is more disruptive than shipping an old version that does work in Node 9. Also, you forget about newcomers to node. They expect the bundle version to work out of the box and don't know how to downgrade (which is not as easy as you write - you generally also have to clear the cache too).
@choliver -- Thanks for sharing. I assumed the 5.X roadbump was something that would smooth itself out quickly and haven't really been looking for good alternatives, sounds like it's time for us to investigate yarn as an option.
Does Docker CI have an active issue that's tracking NPM 5.X adoption open in its repos at all? Just thinking I might want to watch it to see if you guys eventually switch over.
@mgol while that sounds frustrating, it seems like a windows flaw, and it seems like Microsoft provided a tool to address it. I'm not sure how that problem would be any different in npm 4 or 5.
@ljharb This is unrelated to npm 4 or 5 specifically. This responds to @cjihrig's & @jasnell's idea that Node.js might not bundle npm but its installer might install the latest version. If the installer installs latest npm in the same location that it normally installs the bundled one, it will create problems for Windows users - suddenly the Node version that used to work for them no longer does after a reinstall and changing the npm version installed requires them changing some low-level things manually or going through unofficial packages.
In the current state of things at least they'd get consistent versions as long as they stick to the same version of the installer.
@jasnell make yarn the default. Distance yourself from npm. Only going to get worse. Or better, just create your own package manager.
Up until about last week I thought that npm and node.js were one and the same (or at least, very closely tied). I had never given it much thought. I just, wrongly, assumed that since npm was bundled with node.js it would be just as solid and stable a piece of software -- maintained by the same people. Issues with npm reflect very badly on node.js even though you have little control over them. You just have to browse a few issues on npm, which is only marginally representative of the js developer population, to see this. Very uncommon _not_ to see comments such as "thinking of leaving node development, npm sucks".
I'm using yarn now, don't ever want to have to deal with a package manager breaking my builds again due to regression issues.
https://github.com/npm/npm/issues/18380 is, quite frankly, disgraceful. No response from maintainers, not triaged, not anything. Someone has even narrowed it down to the commit which caused it. No one cares. Sad.
@Mardoxx @jasnell In my experience, yarn is also quite buggy. I found npm 4.x to work fine - anything newer is quite buggy. In particular, there are many, many regression errors in both so it is quite typical that an update to either npm or yarn will fix some errors and reintroduce new ones. I suspect that the root reason is very inadequate automated tests (haven't looked at the source yet though).
Yes, this. I'd like us to be able to remove npm from our source tree and have the installer provide the option of downloading the current version of either client on install.
Yes please.
As a complete newbie, I can verify that I'm totally confused about what's happening with npm 5+.
I want to create apps in React Native, and they require me to use a previous version of npm.
I've seen bits and pieces about what to do next... I need to downgrade to 4.something ... and I need to empty a cache?
Do I need to uninstall Node too? Super confusing
I want to create apps in React Native, and they require me to use a previous version of npm.
Do you have a link to the part that says you have to use a previous version of npm? A quick google turns up this: https://github.com/facebook/react-native/issues/14767 , which suggests that you might be okay with npm 5.
It also tells you how to install npm 4 in https://github.com/facebook/react-native/issues/14767#issuecomment-312249551:
npm install -g npm@4
Nothing in that page tells you to clean a cache, but assuming you need to, it's npm cache clean -f.
You don't need to uninstall node.
You can check that it worked by typing npm -v after installing npm4, it should print 4.6.1 (or similar).
Thanks for the reply @gibfahn. I was able to install npm4 and it seems to be working now.
I forget exactly what the command was, but I know it was in the terminal. I think it was when I used create-react-native app or something like that - it came up with an error message saying, “unfortunately npm 5 is not supported; we recommend downgrading to npm 4.”
I’m new and pretty over my head, but I’m really enjoying learning all this so far. Very, very cool how strong of a community-focus there is – github & open-source projects are blowing my mind.
@mjwalkermusic that is correct. When you try to generate a React Native project using create-react-native-app, it gives out an error saying npm@5 has issues and does not work with create-react-native-app, so it suggests downgrading or using yarn.
when i try to run npm install -g npm@4 it times out, any suggestions?
@bw70316 it works: npm install -g npm@4 although it takes more time than usual.
I think there is nothing more that can be done here right now. So I am closing the issue. A lot of things got fixed in npm since this issue was opened and there will be further fixes as well.
If something is not fixed, please go ahead and help @zkat and the others from npm by opening a PR for it.
Update: I did not pay attention that it was already closed.