[BUG] NPM tries to download transitive bundledDependencies

Question

[BUG] NPM tries to download transitive bundledDependencies

mpetuska opened this issue 4 years ago · 5 comments

Current Behavior:

When installing published package that has some bundled dependencies, npm tries to look them up on the repository and fails as a result (since they're not there). It works fine when installing from a tarball.

Expected Behavior:

Npm should skip downloading bundled dependencies and move on to resolving package.json of each bundledDependency in package's node_modules.

Steps To Reproduce:

Try installing this package:

echo @lt.petuska:registry=https://gitlab.com/api/v4/packages/npm/ >> .npmrc
npm install @lt.petuska/js@1.0.0
See error...

npm ERR! code ETARGET
npm ERR! notarget No matching version found for kotlinx-atomicfu@0.14.4.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget 
npm ERR! notarget It was specified as a dependency of '@lt.petuska/js'
npm ERR! notarget

2020-11-07T16_59_53_003Z-debug.log

Environment:

OS: Pop!_OS@20.04_LTS
Node: v14.15.0
npm: 6.14.8

Answer 1 · 2020-11-07T17:16:25.000Z

Can you try with npm v7.0.9?

Answer 2 · 2020-11-07T17:19:09.000Z

I did, different log output, but same end-result

Answer 3 · 2020-11-07T17:23:39.000Z

Here's the output of npm@7.0.9:

npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/kotlin-test-js-runner - Not found
npm ERR! 404 
npm ERR! 404  'kotlin-test-js-runner@1.4.10' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

2020-11-07T17_21_54_149Z-debug.log

Note that kotlin-test-js-runner is one of bundledDependencies and present in tarball:package/node_modules

Answer 4 · 2020-11-07T17:30:16.000Z

Currently I'm using a workaround for thy by writing a custom npm-shrinkwrap.json file myself and adding each bundled dependency there with explicit bundled: true. Here's a version of the same package that you can install with npm. However even autogenerated npm shrinkwrap doesn't work properly and does not add bundled: true when generating, thus the need to write one myself as a temp hack.

Answer 5 · 2021-06-02T23:09:09.000Z

Reopening; appears to be an npm 7 issue also.