search

npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/
Other
8.45k stars 3.15k forks source link

Same npx command called by postinstall of 2 or more deps causes corruption #5003

Open nealeu opened 2 years ago

nealeu commented 2 years ago

Is there an existing issue for this?

This issue exists in the latest npm version

Current Behavior

We have periodic npx failures which had been difficult to track down, but having got into our CI containers we've discovered that npm ci is triggering parallel execution of postinstall scripts of our dependencies, some of which are using the same dependency via npx.

The result is often reports of corrupted archives files or a missing entry in the bin/ folder relating to the npx command.

The solution is probably to extract archives to a .new directory and then rename it when fully extracted and configured.

Expected Behavior

Shouldn't fail.

Steps To Reproduce

From the logs:

4209 info run @springernature/springernature-user-details@3.0.0 postinstall node_modules/@springernature/springernature-user-details
4206 timing build:link Completed in 16ms
4207 info run @springernature/global-autocomplete@5.0.3 postinstall node_modules/@springernature/global-autocomplete npm_config_reg
istry=https://registry.npmjs.org/ npx @springernature/util-context-warning@0.0.5 -p @springernature/global-autocomplete@5.0.3 -v 4.
2.2 4.3.0 4.3.1 4.3.2
4208 info run @springernature/springernature-header@2.2.1 postinstall node_modules/@springernature/springernature-header npm_config
_registry=https://registry.npmjs.org/ npx @springernature/util-context-warning@0.0.5 -p @springernature/springernature-header@2.2.1
 -v 10.0.0 10.0.1 10.0.2 10.0.3 10.0.4 10.1.0 10.1.1 10.1.2 10.1.3

Environment

//npm.pkg.github.com/:_authToken = (protected) //registry.npmjs.org/:_authToken = (protected)

; "env" config from environment

prefix = "/home/neale/.asdf/installs/nodejs/16.14.0/.npm"

; node bin location = /home/neale/.asdf/installs/nodejs/16.14.0/bin/node ; node version = v16.14.0 ; npm local prefix = /home/neale/projects/online-publication-agreements/oasis-mirage ; npm version = 8.12.1

nealeu commented 2 years ago

Our workaround has worked. We've removed 2 of the 3 by updating to versions that add to devDependencies instead of using npx which proves out the parallel issue.