WARN Removing <package> that was installed by a different package manager

[minecrawler]

pnpm version:

0.65.4

Code to reproduce the issue:

pnpm i commander

Expected behavior:

• Installs commander module

Actual behavior:

• Deletes folders without my consent, (with above message, DANGEROUS)
• updates other dependencies, (why? I wanted to install something, not update stuff)
• fails on custom module which is not yet on npm

-> I just wanted to install a module, now my work of the day is ruined, thank you

Additional information:

• node -v prints: v6.9.4
• Windows, OS X, or Linux?: Windows
• The deleted folders were Git repositories of npm modules

PNPM is not usable, it is outright dangerous, because the behavior is unexpected. It deletes files without prior warning and consent, hence data-loss did happen. That kind of behavior is not acceptable.

[zkochan]

Please use the pnpm link command to link in modules that are not on npm yet.

To avoid data loss, I suggest to rename these folders instead of deleting. So there'll be a warning that says: WARN Renaming <package> to .ignored/<package> that was installed by a different package manager

updates other dependencies, (why? I wanted to install something, not update stuff)

I agree. I'll look into how this can be fixed. Basically it works like this currently because I wasn't sure peer dependencies resolution would work correctly w/o having information about the whole dependency tree

[minecrawler]

@zkochan Would it be possible to hard-fail when folders were found, which seem to be installed by "a different package manager" and ask the user to use a certain command (similar to pnpm link) to either ignore them and just use the info from package.json or delete them manually? Then the log could be like

$ pnpm i commander
ERROR: Found "some-github-repo-package" which was installed by a different package manager.
Please remove that package from node_modules or add it to the dont-care-list!
$

$ pnpm dont-care some-github-repo-package
Added the package "some-github-repo-package" to the dont-care list. pnpm will use the version information from `package.json` for dependency resolving, but not update that package any more.
$

$ pnpm i commander
WARN: Found "some-github-repo-package" which was installed by a different package manager.
commander                                                       1.2.3 ·
$

$ pnpm update .
WARN: Found "some-github-repo-package" which was installed by a different package manager.
ERROR: "some-github-repo-package" does not meet the minimum needed version for "some-other-package". Please update "some-github-repo-package" manually to meet the required version "1.2.3".
$

(after updating the package manually)

$ pnpm update .
WARN: Found "some-github-repo-package" which was installed by a different package manager.
commander                                                       1.2.4 ·
some-github-repo-package                              1.2.3 ·
some-other-package                                         1.0.1 ·
$

[zkochan]

I don't know, for now I did the quick fix that I described above. But I am keeping this issue open to discuss it more in the future

[zkochan]

@minecrawler I fixed this issue:

updates other dependencies, (why? I wanted to install something, not update stuff)

you can try the latest pnpm

[rafaelspring]

1. Wanted to use svelte-recaptcha-v2 (https://github.com/basaran/svelte-recaptcha-v2) in my project.

2. Installed pnpm and ran pnpm install -D svelte-recaptcha-v2 in the terminal in my project folder as suggested by the project's readme.md file.

3. WTF

    WARN  Moving @sveltejs/kit that was installed by a different package manager to "node_modules/.ignored
    WARN  Moving @tailwindcss/typography that was installed by a different package manager to "node_modules/.ignored
    WARN  Moving @types/fuzzyset that was installed by a different package manager to "node_modules/.ignored
    WARN  Moving autoprefixer that was installed by a different package manager to "node_modules/.ignored
    WARN  Moving debug that was installed by a different package manager to "node_modules/.ignored

which resulted in

The following dependencies are imported but could not be resolved:

  core-js/es/array/at.js (imported by /Users/rafael/code/gotitpub/src/lib/pdfjs/src/shared/compatibility.js)
  core-js/es/typed-array/at.js (imported by /Users/rafael/code/gotitpub/src/lib/pdfjs/src/shared/compatibility.js)
  core-js/web/structured-clone.js (imported by /Users/rafael/code/gotitpub/src/lib/pdfjs/src/shared/compatibility.js)
  dialog-polyfill/dist/dialog-polyfill.js (imported by /Users/rafael/code/gotitpub/src/lib/pdfjs/web/overlay_manager.js)

when I tried to run my project again.

Luckily a npm install in my project folder got it fixed again, but to someone unfamiliar with package managers this can easily ruin a workday or two.

Even having a small bit of experience with this tech would have never ever expected that pnpm would just go ahead and ruin a project like that.

I completely agree with OP here: PNPM is not usable, it is outright dangerous, because the behavior is unexpected. It deletes files without prior warning and consent, hence data-loss did happen. That kind of behavior is not acceptable.

[liliangrong777]

same error

pnpm:8.14.0 Windows, OS X, or Linux?: Windows