Open restjohn opened 2 months ago
Aside from the problem of forcing installation of an optional dependency, another cause of this bug is that npm is installing the dev dependencies from the shrinkwrapped package. Apparently this is quite a long-standing issue.
Others are having issues with shrinkwrap as well: https://github.com/npm/cli/issues/4323.
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Consider a package,
lib1
, with the following characteristics.optionalDependency
, with an OS constraint, such asfsevents
package.json
Developer A creates another package,
app1
, which depends onlib1
, and generatesapp1
'spackage-lock.json
withnpm install
also on the platform matching said OS constraint.Developer B, OR a CI process, on a different platform from said OS constraint, runs
npm ci
to installapp1
's dependencies.npm ci
produces an error like the following.Examining
app1
'spackage-lock.json
reveals that npm does not include an"optional": true
entry in the package-lock block forlib1
'sfsevents
dependency.Expected Behavior
npm ci
should retain the optional nature of the platform-specific dependency and proceed with a successful clean install ofapp1
's dependencies regardless of the dependencies.Steps To Reproduce
cd app1
npm ci
Please see the README in the demo repository for quite a bit more detail about the nuances of this behavior.
Also note that the demo repository package
lib1.shrinkwrap
references thefsevents
package through a devDependency, and npm should not be attempting to installlib1.shrinkwrap
devDependencies from theapp1
package anyway.Environment