Skip to content

[BUG] Invalid packages when scoped overrides are used butby a different package #7087

New issue
New issue
Open
Open
[BUG] Invalid packages when scoped overrides are used butby a different package#7087
Labels
Bugthing that needs fixingPriority 2secondary priority issueconfig:overridesIssues dealing with the overrides feature
@Anutrix

Description

@Anutrix
Anutrix
opened on Dec 15, 2023

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

npm install gives invalid package-lock.json when scoped overrides are used but project contains another dependency that uses it.
npm ls doesn't even show the culprit.

Expected Behavior

npm install should not give invalid packages when scoped overrides are used but project contains another dependency that uses it.
npm ls should be able to find and list the offending the package.

Steps To Reproduce

  1. In an empty folder, create a package.json with the contents:
{
  "name": "abc",
  "version": "1.2.3",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo 'Hi' && exit 1"
  },
  "author": "",
  "license": "MIT",
  "devDependencies": {
    "lerna": "4.0.0"
  },
  "dependencies": {
    "highcharts-export-server": "^2.1.0"
  },
  "overrides": {
    "highcharts-export-server": {
      "request": {
        "tough-cookie": "4.1.3"
      }
    }
  }
}
  1. npm install.
  2. Run npm ls tough-cookie:
❯ npm ls tough-cookie
npm ERR! code ELSPROBLEMS
npm ERR! invalid: [email protected] /Users/<username>/<path>/node_modules/tough-cookie
[email protected] /Users/<username>/<path>
└─┬ [email protected] overridden
  ├─┬ [email protected]
  │ └─┬ [email protected] overridden
  │   └── [email protected] deduped invalid: "~2.5.0" from node_modules/request
  └─┬ [email protected]
    └── [email protected] invalid: "~2.5.0" from node_modules/request


npm ERR! A complete log of this run can be found in:

Notice the errors but there is no mention of lerna.
4. Remove lerna 4.0 or change it to lerna 5.0 which doesn't use request and repeat above steps. Notice there are no issues this time.

Environment

  • npm: 10.1.0
  • Node.js: 20.8.1
  • OS Name: Mac OS Sonoma 14.2
  • System Model Name: Macbook Pro - Intel i9
  • npm config:
; "user" config from /Users/<username>/.npmrc

registry = "https://registry.npmjs.org/"

; node bin location = /Users/<username>/n/bin/node
; node version = v20.8.1
; npm local prefix = /Users/<username>/<path>
; npm version = 10.1.0
; cwd = /Users/<username>/<path>
; HOME = /Users/<username>
; Run `npm config ls -l` to show all defaults.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bugthing that needs fixingPriority 2secondary priority issueconfig:overridesIssues dealing with the overrides feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions