npm/cli

[BUG] uninstalling an optional peer dep doesn't remove it

mohd-akram opened this issue · 9 comments

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Uninstalling a package does not remove it from the node_modules folder, and does not remove it from package-lock.json.

Expected Behavior

https://docs.npmjs.com/cli/v8/commands/npm-uninstall

This uninstalls a package, completely removing everything npm installed on its behalf.

It also removes the package from the dependencies, devDependencies, optionalDependencies, and peerDependencies objects in your package.json.

Further, if you have an npm-shrinkwrap.json or package-lock.json, npm will update those files as well.

Steps To Reproduce

  1. Run:
mkdir npm-uninstall-test && cd npm-uninstall-test
npm init -y
npm install typeorm sqlite3
npm uninstall sqlite3
[ -e node_modules/sqlite3 ] && echo package still in node_modules
grep -q node_modules/sqlite3 package-lock.json && echo package still in package-lock.json

Environment

  • npm: 8.6.0
  • Node.js: v16.14.0
  • OS Name: Fedora 35
  • System Model Name: HP Laptop
  • npm config:
; "user" config from /home/user/.npmrc

prefix = "/home/user/.local" 

; node bin location = /usr/bin/node
; cwd = /home/user/npm-uninstall-test
; HOME = /home/user
; Run `npm config ls -l` to show all defaults.

What does npm explain sqlite3 say? My guess is that it’s there because typeorm needs it.

sqlite3@5.0.2 optional peer
node_modules/sqlite3
  peerOptional sqlite3@"^5.0.2" from typeorm@0.3.6
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

It is an optional peer dependency. I should be able to uninstall it (it is not automatically installed when doing just npm install typeorm).

Interesting edge case, thanks.

Thanks for the report! I've also confirmed this with the following:

❯ npm i typeorm

added 63 packages, and audited 64 packages in 13s

❯ npm ls sqlite3
4737@1.0.0 /Users/lukekarrys/Documents/npm-sandbox/4737
└── (empty)

❯ npm i sqlite3

added 110 packages, and audited 174 packages in 4s

❯ npm explain sqlite3
sqlite3@5.0.2
node_modules/sqlite3
  sqlite3@"^5.0.2" from the root project
  peerOptional sqlite3@"^5.0.2" from typeorm@0.3.6
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

❯ npm ls sqlite3
4737@1.0.0 /Users/lukekarrys/Documents/npm-sandbox/4737
├── sqlite3@5.0.2
└─┬ typeorm@0.3.6
  └── sqlite3@5.0.2 deduped

❯ npm uninstall sqlite3

up to date, audited 174 packages in 672ms

❯ npm ls sqlite3
4737@1.0.0 /Users/lukekarrys/Documents/npm-sandbox/4737
└─┬ typeorm@0.3.6
  └── sqlite3@5.0.2

❯ npm explain sqlite3
sqlite3@5.0.2 optional peer
node_modules/sqlite3
  peerOptional sqlite3@"^5.0.2" from typeorm@0.3.6
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

juona commented

Is there a way to work around this in the meantime? I have some leftover optional peer dependencies that are causing issues due to version incompatibilities and I am hesitant to delete the whole package-lock.json just to fix this.

Den-dp commented

I was experiencing the same while trying to remove the protractor (an optional peer for @angular-devkit/build-angular).

Unfortunately, I haven't found any other solution except tinkering with package-lock.json.

I am hesitant to delete the whole package-lock.json just to fix this.

Don't need to. Open package-lock.json and remove the relevant top-level entry for the optional peer dep. Then run npm prune to remove leftovers.

Had this issue with leftover less and sass for vite and this helped.

Zwyx commented

Simpler (but might not be ideal for everyone): delete package-lock.json and node_modules, then run npm i. The uninstalled dependency shouldn't come back.

Note: we could think that deleting package-lock.json and node_modules/.package-lock.json would be enough, and it does indeed work for unrelated dependencies (if a dependency was manually removed from package.json instead of using npm uninstall), but not here! It's really the whole node_modules folder that needs to be deleted.

I've just had this with sass when switching to sass-embedded using the latest npm (v10.2.4) - I've got a script for removing packages from package-lock.json that can be used to easily remove the leftover packages.
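The lockfile edit described in the comments above, as an added example that is not code from this thread, from npm, or the script the last commenter mentions. It assumes a parsed `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); `dropOptionalPeer` and the sample lockfile are hypothetical and constructed from the versions shown in this issue. It removes the top-level entry only when every remaining reference is an optional peer, so a package something still depends on is not dropped from the lock.

```javascript
// Hypothetical helper (not an npm API): remove a leftover optional peer dep
// from a parsed package-lock.json object, refusing if anything still needs it.
function dropOptionalPeer(lock, name) {
  const pkgs = lock.packages || {};
  const top = `node_modules/${name}`;
  if (!pkgs[top]) return { removed: [], blockedBy: [] };

  const blockedBy = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    if (path === top || path.startsWith(top + '/')) continue;
    // A regular, dev or optional dependency on `name` means it is not a leftover.
    const hard = ['dependencies', 'devDependencies', 'optionalDependencies']
      .some((field) => meta[field] && name in meta[field]);
    // A peer dependency only blocks removal when it is not marked optional.
    const peer = meta.peerDependencies && name in meta.peerDependencies;
    const optionalPeer = peer && meta.peerDependenciesMeta?.[name]?.optional === true;
    if (hard || (peer && !optionalPeer)) blockedBy.push(path || '(root project)');
  }
  if (blockedBy.length) return { removed: [], blockedBy };

  // Drop the top-level entry and anything nested under it.
  const removed = Object.keys(pkgs).filter((p) => p === top || p.startsWith(top + '/'));
  for (const p of removed) delete pkgs[p];
  // lockfileVersion 2 also carries a legacy `dependencies` tree.
  if (lock.dependencies) delete lock.dependencies[name];
  return { removed, blockedBy };
}

// Constructed sample lockfile mirroring the `npm explain sqlite3` output above.
const sampleLock = {
  name: 'npm-uninstall-test',
  lockfileVersion: 2,
  packages: {
    '': { name: 'npm-uninstall-test', dependencies: { typeorm: '^0.3.6' } },
    'node_modules/sqlite3': { version: '5.0.2', optional: true, peer: true },
    'node_modules/sqlite3/node_modules/example-nested': { version: '1.0.0', optional: true, peer: true },
    'node_modules/typeorm': {
      version: '0.3.6',
      peerDependencies: { sqlite3: '^5.0.2' },
      peerDependenciesMeta: { sqlite3: { optional: true } },
    },
  },
  dependencies: { sqlite3: { version: '5.0.2' }, typeorm: { version: '0.3.6' } },
};

// Work on a copy so the sample stays intact.
console.log(dropOptionalPeer(JSON.parse(JSON.stringify(sampleLock)), 'sqlite3'));
```

To apply it to a real project, parse `package-lock.json`, call the function, write the object back with `JSON.stringify(lock, null, 2)`, then run `npm prune` as the comment above describes.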