npm/cli

[BUG] overrides in packages not honoured at the top level

Stono opened this issue · 1 comment

Stono commented

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Hello,
I've been doing quite a bit of searching, I think what I have here is a bug... although happy to be told otherwise.

What I'm observing is that if a package we depend on specifies an overrides section, then it is ignored when we install that package.

So take the following hierarchy as an example (which is our exact use case):

our-application:
  -> our-internal-package
    -> some-public-package
      -> some-public-package-dependency

In our-internal-package we have:

  "dependencies": {
    "some-public-package": "version"
  },
  "overrides": {
    "some-public-package@version": {
      "some-public-package-dependency": "2.0.0"
    }
  }

When working on our-internal-package, doing an npm ls --tree correctly shows the override at 2.0.0.

However when we install our-internal-package into our-application, the override appears to be ignored, and the latest version of some-public-package-dependency is installed (2.1.0). some-public-package references that with: ^2.0.0.

Expected Behavior

Nested overrides to be honoured in the installation tree.

Steps To Reproduce

See current behaviour. Happy to build a small app to demonstrate this if the info above is not sufficient, and the behaviour is confirmed to be a bug.

Environment

Versions:

  • Node: v18.12.1
  • NPM: 8.19.3