Dev dependencies for this project are appearing in my own project, which is breaking and otherwise slowing down my build.
Minimal steps to reproduce
mkdir ~/deleteme && cd ~/deleteme
npm init
npm i aws-crt@1.12.4
grep puppeteer package-lock.json
# puppeteer correctly does not appear here
ls -l node_modules/aws-crt/node_modules/ | grep puppeteer
# BUG! puppeteer appears here
Details
npm install, with or without the --only=prod flag, shouldn't install transitive dev dependencies. Even if npm installs my project's own dev dependencies, it shouldn't install other projects' dev dependencies. Nevertheless, dev dependencies for aws-crt are somehow being installed in my project.
For example, even though this project declares a dev dependency on puppeteer, installing aws-crt in my project shouldn't result in puppeteer appearing in my package-lock.json file, nor under my node_modules/ dir.
While I don't see it in package lock, I do find it under my node_modules/ dir:
$ grep puppeteer package-lock.json # nothing
$ ls -l node_modules/aws-crt/node_modules/ | grep puppeteer
drwxr-xr-x 7 greimer staff 224 Jun 20 13:21 expect-puppeteer
drwxr-xr-x 10 greimer staff 320 Jun 20 13:21 jest-environment-puppeteer
drwxr-xr-x 7 greimer staff 224 Jun 20 13:21 jest-puppeteer
drwxr-xr-x 13 greimer staff 416 Jun 20 13:22 puppeteer
...so something must be installing it.
Besides filling up disk space, the puppeteer install results in a network call to storage.googleapis.com which attempts to download a puppeteer binary, which causes an error in my CI since that particular server is isolated from the public internet. That's how I first noticed the issue.
Diagnosis
I'm confused why this is happening actually, but I'm pretty sure it's something to do with this script in package.json, since that's where my CI is throwing the error:
npm ERR! code 1
npm ERR! path /my/project/node_modules/aws-crt
npm ERR! command failed
npm ERR! command sh -c npm install npm-force-resolutions && npx npm-force-resolutions && npm install npm-force-resolutions && npx npm-force-resolutions
npm ERR! npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm ERR! npm WARN deprecated puppeteer@3.3.0: Version no longer supported. Upgrade to @latest
npm ERR! npm ERR! code 1
npm ERR! npm ERR! path /my/project/node_modules/aws-crt/node_modules/puppeteer
npm ERR! npm ERR! command failed
npm ERR! npm ERR! command sh -c node install.js
npm ERR! npm ERR! ERROR: Failed to set up Chromium r756035! Set "PUPPETEER_SKIP_DOWNLOAD" env variable to skip download.
npm ERR! npm ERR! Error: getaddrinfo ENOTFOUND storage.googleapis.com
[as oncomplete] npm ERR! npm ERR! at GetAddrInfoReqWrap.onlookup (node:dns:71:26)
npm ERR! npm ERR! -- ASYNC --
npm ERR! npm ERR! at BrowserFetcher.<anonymous> (/my/project/node_modules/aws-crt/node_modules/puppeteer/lib/helper.js:94:19)
npm ERR! npm ERR! at fetchBinary (/my/project/node_modules/aws-crt/node_modules/puppeteer/install.js:148:8)
npm ERR! npm ERR! at download (/my/project/node_modules/aws-crt/node_modules/puppeteer/install.js:54:9) {
npm ERR! npm ERR! errno: -3008,
npm ERR! npm ERR! code: 'ENOTFOUND',
npm ERR! npm ERR! syscall: 'getaddrinfo',
npm ERR! npm ERR! hostname: 'storage.googleapis.com'
npm ERR! npm ERR! }
Dev dependencies for this project are appearing in my own project, which is breaking and otherwise slowing down my build.
Minimal steps to reproduce
Details
npm install
, with or without the--only=prod
flag, shouldn't install transitive dev dependencies. Even if npm installs my project's own dev dependencies, it shouldn't install other projects' dev dependencies. Nevertheless, dev dependencies foraws-crt
are somehow being installed in my project.For example, even though this project declares a dev dependency on
puppeteer
, installingaws-crt
in my project shouldn't result inpuppeteer
appearing in mypackage-lock.json
file, nor under mynode_modules/
dir.While I don't see it in package lock, I do find it under my
node_modules/
dir:...so something must be installing it.
Besides filling up disk space, the
puppeteer
install results in a network call tostorage.googleapis.com
which attempts to download apuppeteer
binary, which causes an error in my CI since that particular server is isolated from the public internet. That's how I first noticed the issue.Diagnosis
I'm confused why this is happening actually, but I'm pretty sure it's something to do with this script in
package.json
, since that's where my CI is throwing the error: