[BUG] No Error Details About Dependency Parents

[fishcharlie]

Is there an existing issue for this?

• [X] I have searched the existing issues

This issue exists in the latest npm version

• [X] I am using the latest npm

Current Behavior

Getting an error when trying to run npm i.

Normally this would be fine and would be possible to debug, but I have NO idea where this dependency is getting installed from.

I'm 99% sure this is due to an outdated dependency. But due to the fact that Electron is not a direct dependency of my project, I have NO idea how to track down which of my direct dependencies is causing this.

npm ERR! code 1
npm ERR! path /Users/charliefish/Developer/Code/node_modules/electron
npm ERR! command failed
npm ERR! command sh -c node install.js
Downloading electron-v2.0.18-darwin-arm64.zip
npm ERR! Error: GET https://github.com/electron/electron/releases/download/v2.0.18/electron-v2.0.18-darwin-arm64.zip returned 404
npm ERR! /Users/charliefish/Developer/Code/node_modules/electron/install.js:54
npm ERR!   throw err
npm ERR!   ^
npm ERR! 
npm ERR! Error: Failed to find Electron v2.0.18 for darwin-arm64 at https://github.com/electron/electron/releases/download/v2.0.18/electron-v2.0.18-darwin-arm64.zip
npm ERR!     at Request.<anonymous> (/Users/charliefish/Developer/Code/node_modules/nugget/index.js:169:61)
npm ERR!     at Request.emit (node:events:390:28)
npm ERR!     at Request.onRequestResponse (/Users/charliefish/Developer/Code/node_modules/request/request.js:1066:10)
npm ERR!     at ClientRequest.emit (node:events:390:28)
npm ERR!     at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:623:27)
npm ERR!     at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
npm ERR!     at TLSSocket.socketOnData (node:_http_client:487:22)
npm ERR!     at TLSSocket.emit (node:events:390:28)
npm ERR!     at addChunk (node:internal/streams/readable:315:12)
npm ERR!     at readableAddChunk (node:internal/streams/readable:289:9)

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/charliefish/.npm/_logs/2022-01-23T01_46_07_453Z-debug.log

Expected Behavior

When an error occurs, it should show you the complete tree of the dependencies so you can track down what direct dependency is requiring electron.

Right now it's IMPOSSIBLE to figure out which of my dependencies is installing Electron. Which makes this issue impossible to debug.

Steps To Reproduce

1. Run npm i with a failure on a dependency of one of your dependencies

Environment

• npm: 8.1.2
• Node.js: v16.13.2
• OS Name: macOS
• System Model Name:
• npm config:

; "user" config from /Users/charliefish/.npmrc

//npm.pkg.github.com/:_authToken = (protected) //registry.npmjs.com/:_authToken = (protected) registry = "https://npm.network.charlie.fish/"

; node bin location = /Users/charliefish/.nvm/versions/node/v16.13.2/bin/node ; cwd = /Users/charliefish ; HOME = /Users/charliefish ; Run npm config ls -l to show all defaults.

[ljharb]

Run npm explain electron

[fishcharlie]

@ljharb That throws an error:

npm explain electron
npm ERR! No dependencies found matching electron

[ljharb]

That is very bizarre then that it'd give you an installation error.

[fishcharlie]

@ljharb I should note, I don't currently have any package-lock.json file or node_modules folder in this directory. Only a package.json.

So when running something like npm outdated I get a lot of MISSING under the Current column. I'm assuming this is because it doesn't have any information to go off of?

Maybe the same thing is happening here? npm explain only works if it can resolve the tree? Which since the installation failed it can't do??

Also one final note. When running npm install, at some point it creates a node_modules folder, but then once the error occurs, it deletes it. This seems like strange behavior for npm install, but I guess it makes sense to ensure it doesn't leave the project in an invalid state.

It never creates a package-lock.json file, maybe because that only occurs upon install success?

[ljharb]

Yes, you need to run npm install successfully before outdated works properly.

[fishcharlie]

@ljharb Ok. Does that apply to explain as well?

[ljharb]

I believe there needs to be a lockfile or node_modules present, yes.

[fishcharlie]

@ljharb Awesome. So this can be triaged and prioritized 😃.

[ljharb]

Can you share your package.json?

[fishcharlie]

@ljharb Here is a slightly edited version removing some sensitive fields:

{
    "name": "PRIVATE",
    "version": "0.0.0",
    "description": "",
    "main": "server.js",
    "dependencies": {
        "@types/express": "4.11.1",
        "aws-sdk": "^2.461.0",
        "aws-serverless-express": "^3.3.6",
        "axios": "0.19.0",
        "bcrypt-nodejs": "0.0.3",
        "body-parser": "1.18.2",
        "cheerio": "1.0.0-rc.2",
        "connect-dynamodb": "^2.0.3",
        "connect-flash": "0.1.1",
        "connect-redis": "3.3.3",
        "cookie-parser": "1.4.3",
        "csurf": "1.9.0",
        "dynamoose": "0.8.7",
        "ejs": "2.5.8",
        "express": "4.16.3",
        "express-fileupload": "0.4.0",
        "express-session": "1.15.6",
        "express-validator": "5.1.2",
        "get-urls": "7.2.0",
        "helmet": "3.12.0",
        "html-pdf": "2.2.0",
        "html-to-text": "4.0.0",
        "i18n": "0.8.3",
        "iap_verifier": "0.0.12",
        "image-resolver": "0.6.1",
        "lodash": "4.17.11",
        "mailchimp-api-v3": "1.13.0",
        "mailgun-js": "0.22.0",
        "md5": "2.2.1",
        "mime": "^2.4.3",
        "morgan": "1.9.1",
        "node-cmd": "3.0.0",
        "oauth2orize": "1.11.0",
        "on-finished": "2.3.0",
        "passport": "0.4.0",
        "passport-http": "0.3.0",
        "passport-http-bearer": "1.0.1",
        "passport-local": "1.0.0",
        "range_check": "1.4.0",
        "recursive-readdir": "2.2.2",
        "request": "2.88.0",
        "request-promise-native": "1.0.5",
        "rimraf": "2.6.2",
        "scriptutils": "1.6.0",
        "session-file-store": "1.2.0",
        "stripe": "5.8.0",
        "twilio": "3.31.0",
        "url-parse": "1.4.7",
        "website-scraper": "3.3.2",
        "xss-filters": "1.2.7"
    },
    "devDependencies": {
        "chai": "4.1.2",
        "codecov": "3.5.0",
        "dynamodb-localhost": "github:fishcharlie/dynamodb-localhost",
        "mocha": "5.2.0",
        "nightmare": "3.0.2",
        "nock": "9.2.5",
        "nyc": "14.1.1",
        "supertest": "3.0.0",
        "zombie": "6.1.4"
    },
    "private": true
}

[ljharb]

Does npm install --only=production also fail?

[fishcharlie]

@ljharb It does not fail.

[ljharb]

Then that narrows it down to your 9 dev deps - you could probably binary search and narrow down which one is breaking?

[fishcharlie]

@ljharb Ok sure. Is that really the solution here tho? Why can't npm just improve the error message? I mean let's be real here, this error message is awful. I don't think it's a reasonable expectation to put the ownership on the developer here. What if there was more dev dependencies? Not every case will be as easy to figure out as this one.

This issue should be triaged and prioritized.

[ljharb]

No, of course not - but it would help npm fix the bug if it’s known what the problem is.

In other words, the error message can only be made better when the root cause is discovered, and you figuring out which dep is breaking it can lead to that.

[fishcharlie]

@ljharb I'm guessing it is nightmare:

https://github.com/segmentio/nightmare/blob/b230e85375bb084007a54c6a1bf698d81b5f2feb/package.json#L24

There package.json has a dependency on:

 "electron": "^2.0.18"

[ljharb]

Separate from the error message, I’d expect npm explain electron to work, even if there’s no lockfile or node_modules. I've filed https://github.com/npm/rfcs/issues/523 for that.

[lukekarrys]

One suggestion to figure this out after I failed install is to look in the debug log. When I installed the package.json above I had this line in there:

1248 silly placeDep ROOT electron@2.0.18 OK for: nightmare@3.0.2 want: ^2.0.18

That is not to say the error message shouldn't be improved, it definitely should. If https://github.com/npm/rfcs/issues/523 is implemented I even think a good first step would be to have it say to run npm explain electron.

Action Items

• [ ] Improve error message when nested dependency fails