[BUG] `npm i` infinite recursion with local dependencies

creativecreatorormaybenot commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

This issue exists in the latest npm version

[X] I am using the latest npm

Current Behavior

When using npm@9.1.2 and adding local dependencies, npm install fails / hangs forever at idealTree:#root.

The added dependencies look like this:

  "dependencies": {
    "@org/package-one": "file:./package-one-1.0.0.tgz",
    "@org/package-two": "file:./package-two-1.0.0.tgz",
    "@org/package-three": "file:./package-three-1.0.0.tgz",
    "@org/package-four": "file:./package-four-1.0.0.tgz",
    "@org/package-five": "file:./package-five-1.0.0.tgz"
  },

The logs generated using npm i --verbose look like this:

1444 silly placeDep ROOT @org/package-one@1.0.0 REPLACE for:  want: file:/Users/user/project-root/packages/package-one
1445 silly placeDep ROOT @org/package-two@1.0.0 REPLACE for:  want: file:/Users/user/project-root/packages/package-two
1446 silly placeDep ROOT @org/package-three@1.0.0 REPLACE for:  want: file:/Users/user/project-root/packages/package-three
1447 silly placeDep ROOT @org/package-four@1.0.0 REPLACE for:  want: file:/Users/user/project-root/packages/user/backend/accessor
1448 silly placeDep ROOT @org/package-five@1.0.0 REPLACE for:  want: file:/Users/user/project-root/packages/user/backend/models
1449 timing idealTree:#root Completed in 5ms
1450 silly placeDep ROOT @org/package-one@1.0.0 REPLACE for: packages/app want: file:./package-one-1.0.0.tgz
1451 silly placeDep ROOT @org/package-two@1.0.0 REPLACE for: packages/app want: file:./package-two-1.0.0.tgz
1452 silly placeDep ROOT @org/package-three@1.0.0 REPLACE for: packages/app want: file:./package-three-1.0.0.tgz
1453 silly placeDep ROOT @org/package-four@1.0.0 REPLACE for: packages/app want: file:./package-four-1.0.0.tgz
1454 silly placeDep ROOT @org/package-five@1.0.0 REPLACE for: packages/app want: file:./package-five-1.0.0.tgz
1455 timing idealTree:packages/app Completed in 2ms

This will repeat forever. If I let npm i sit, this will print these exact same 12 lines tens of thousands of times.

Expected Behavior

Downgrading to npm@8.19.3 completely resolves the issue:

user@mbp app % npm i

added 5 packages, and audited 740 packages in 7s

103 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Steps To Reproduce

Note that the app sits in a project that uses NPM workspaces (located at project-root).

Environment

npm: 9.1.2
Node.js: v16.14.0
OS Name: macOS 12.6
System Model Name: Macbook Pro (14-inch, 2021)

npm config:

npm WARN config This command does not support workspaces.
; node bin location = /usr/local/bin/node
; node version = v16.14.0
; npm local prefix = /Users/user/project-root/a
; npm version = 8.19.3
; cwd = /Users/user/cs/agym-co/a/packages/app
; HOME = /Users/user
; Run `npm config ls -l` to show all defaults.

fritzy commented 1 year ago

Do any of these tarballs inter-depend on each other? What are some example package.json's from them? Please provide more detailed minimal reproduction information. An example package.json for the root, workspace, and tarballs, perhaps?

creativecreatorormaybenot commented 1 year ago

@fritzy All packages are in the same NPM workspace, i.e. some of these depend on another package in the workspace.

creativecreatorormaybenot commented 1 year ago

@fritzy ping for update just in case you did not see the additional information :v:

npm / cli