npm/pacote

[BUG] `prepack` is not called on installation of git packages

Opened this issue · 3 comments

aarondill commented

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The npm CLI documentation says that prepack "Runs BEFORE a tarball is packed (on "npm pack", "npm publish", and when installing a git dependencies)," yet in dir.js L39-L41, it's made clear that pacote expects the CLI to call it, rather than pacote itself.

Expected Behavior

Unless I am misunderstanding the control flow here, npm calls pacote before ever having access to the git repo's files, and doesn't receive control flow back until after the tarball has already been generated (and installed?). If that's the case, the calling of prepack when downloading a git repository needs to be done by pacote, rather than expecting the CLI to call it.

Notes:

  • There is a corresponding issue in npm/cli(npm/cli#1865) which tracks this issue, but has been closed due to repairation of half of the issue (dependency installation before prepare script).

Steps To Reproduce

See this comment in npm/cli for a simple reproduction process.

Environment

  • npm: 9.3.1, also tested on 9.4.1
  • Node: v18.14.0, also tested on v19.6.0
  • OS: Ubuntu 22.04.1 LTS
  • platform: HP Laptop 15-dy2xxx
jakebailey commented

We were actually considering adding a prepack script to TypeScript so that people could install via git for bisect purposes, but found out that it doesn't actually work in npm v7+. prepack has better semantics (doesn't run on a plain dep install in the repo) and works cross-package-manager, but not having this is really a bummer and we've ended up not actually adding it.

wesbiggs commented

Also/still a problem on npm 10.2.0.

A very silly workaround:

In the consuming package (i.e. the one that has the git dependency):

"scripts": {
  "prepare": "semver -r '>=9.0.0' $npm_config_npm_version && cd node_modules/package-from-git && npm run prepack"
}

Since the prepare script does run after install, this forces the desired behavior when the consuming package is installed. (The first time you add the package to package.json, though, you need to run it manually.) YMMV.

n.b. I don't know if 9.0.0 is the right version to start with, just guessing from the issue description.

jakebailey commented

If you hadn't seen it, there's also: https://github.com/cspotcode/workaround-broken-npm-prepack-behavior

Which is what ts-node uses to work around this problem.

  • 👍2