Version 15.0.1

Question

Version 15.0.1

Closed this issue 2 years ago · 8 comments

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

I am getting the following error with pacote@15.0.1.

npm ERR! code ENOENT
npm ERR! syscall chmod
npm ERR! path /Users/xxxx/.npm/_npx/67793/lib/node_modules/pacote/node_modules/@npmcli/installed-package-contents/index.js
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, chmod '/Users/xxxx/.npm/_npx/67793/lib/node_modules/pacote/node_modules/@npmcli/installed-package-contents/index.js'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/xxxx/.npm/_logs/2022-10-18T04_25_34_732Z-debug.log
Install for [ 'pacote@latest' ] failed with code 254

Expected Behavior

pacote@15.0.0 works fine.

Steps To Reproduce

Run "npx pacote"

Environment

npm: 6.14.16
Node: 14.19.0
OS: macOS 12.4
platform: Macbook Pro

Answer 1 · 2022-10-18T09:35:39.000Z

Confirming we're also experiencing this on 15.0.1

$ node --version
v14.20.0
$ npm --version
6.14.17
OS: macOS 12.6

And also on our CI infrastructure:

node: v14.20.1
npm: 7.11.2
OS: Ubuntu 20.04 LTS

Answer 2 · 2022-10-18T13:57:56.000Z

Have you tried this with the latest npm?

Answer 3 · 2022-10-18T15:02:36.000Z

Works with npm 8.19.2. Is dropping support for npm@6, which ships with node 14 LTS, intentional?

Answer 4 · 2022-10-18T15:46:56.000Z

It's not intentional, but npm 6 is only supported in that we are doing critical security updates for it.

Answer 5 · 2022-10-18T15:59:05.000Z

I understand that updates to npm@6 itself is in a security maintenance only mode; but in this case the problem seems to be that third-party consumers of this module have, between 15.0.0 and 15.0.1, had support for a previously supported npm version break in a patch release. Semver would usually have that be a breaking change, I think?

In our case we're using npm-check-updates https://www.npmjs.com/package/npm-check-updates which is a direct consumer of pacote.

Answer 6 · 2022-10-18T17:56:46.000Z

No this wouldn't be a breaking change because there is no engines entry for any of these packages that support a given version of npm. If someone tracks this down and fixes it we'd happily accept a PR. The break is likely not in pacote itself, but in something else since npm/installed-package-contents#24 is also an issue that was made recently.

Answer 7 · 2022-10-18T17:59:09.000Z

If I had to guess this is an existing bug in npm 6 that is now being raised because of a dependency that was previously hoisted now not being hoisted. I don't know if it's a bug in any of these dependencies, the "breaking changes" were in the engines field only for the most part.

Answer 8 · 2022-10-19T14:02:08.000Z

npm/installed-package-contents#26