Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] optional dependencies for OS/CPU package variants are being pruned unexpectedly #7961

Open
2 tasks done
i-like-robots opened this issue Dec 5, 2024 · 11 comments
Open
2 tasks done
Labels
Bug thing that needs fixing Priority 2 secondary priority issue

Comments

@i-like-robots
Copy link

i-like-robots commented Dec 5, 2024

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Starting from npm v10.3.0, optional dependencies for OS and CPU package variants are being pruned from package-lock.json when running npm install and a node_modules folder is present. This breaks npm installs when the resulting lockfile is pulled onto other platforms - such as devs working on their Macs (darwin/arm64) who are pushing their code to CI (linux/x64). This change in behaviour does not appear to be intentional as it is not documented or referenced anywhere. Possibly related to #7543. Possibly a dupe of #4828 and #7750.

The issue may be mitigated by deleting node_modules/ before running the install command.

Expected Behavior

Optional OS and CPU package variants should not be pruned from package-lock.json as was the behaviour prior to npm v10.3.0 to allow the lockfile to be used for cross-platform installs.

Steps To Reproduce

Unexpected behaviour ❌:

  1. mkdir test && cd test
  2. npm init -y
  3. npm i -D rollup
  4. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed
  5. rm package-lock.json
  6. npm i
  7. Read package-lock.json - observe only 1 OS/CPU @rollup/* package variant is now listed for the current platform

Expected behaviour test 1 ✅:

  1. mkdir test && cd test
  2. npm init -y
  3. npm i -D rollup
  4. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed
  5. rm -rf node_modules
  6. npm i
  7. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed

Expected behaviour test 2 ✅:

  1. mkdir test && cd test
  2. npm init -y
  3. npm i -D rollup
  4. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed
  5. npm i -D esbuild
  6. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed

Environment

  • npm: 10.9.2
  • Node.js: 22.17
  • OS Name: macOS 14.5
  • System Model Name: M1 Macbook Pro
  • npm config:
; node bin location = /Users/xxx/.nvm/versions/node/v20.17.0/bin/node
; node version = v20.17.0
; npm local prefix = /Users/xxx/Projects/test
; npm version = 10.9.2
; cwd = /Users/xxx/Projects/test
; HOME = /Users/xxx
; Run `npm config ls -l` to show all defaults.
@i-like-robots i-like-robots added Bug thing that needs fixing Needs Triage needs review for next steps labels Dec 5, 2024
@i-like-robots i-like-robots changed the title [BUG] <title> [BUG] optional dependencies for OS/CPU package variants are being pruned unexpectedly Dec 5, 2024
@kchindam-infy
Copy link

@i-like-robots by running the above commands u mentioned we are not getting any issue which above mentioned. by running the commands above mentioned by u we get 18 package variants before deleting the package-lock.json and after deleting package-lock.json we get the same 18 package variants.this is not an issue

@i-like-robots
Copy link
Author

i-like-robots commented Dec 8, 2024

Thanks for your comment @kchindam-infy, unfortunately we have multiple users affected by this issue and I am able to recreate the issue myself on multiple machines, node and npm versions.

If it helps to diagnose the issue further, I have made a screen recording performing the steps reproducing the unexpected behaviour;

Screen.Recording.2024-12-08.at.21.35.16.min.mov

@kchindam-infy
Copy link

Hi @i-like-robots This is not reproducible in 10.9.2 latest npm . The video you share npm version shows 10.9.0. Update to latest version and try again

@i-like-robots
Copy link
Author

i-like-robots commented Dec 11, 2024

I can confirm this is still an issue in v10.9.2 @kchindam-infy and this has also been confirmed by multiple users on M1-M4 equipped MacBooks.

Screenshot 2024-12-11 at 11 26 17

@kchindam-infy
Copy link

kchindam-infy commented Dec 28, 2024

@i-like-robots checked the issue with the updated versions npm 10.9.2 what u mention getting the expected behaviour for my self. plz update the node to the latest version and check
Screenshot 2024-12-27 at 10 48 20 PM

@i-like-robots
Copy link
Author

i-like-robots commented Jan 2, 2025

Thanks for your reply @kchindam-infy. I can confirm this remains an issue with the latest Node and NPM releases. I notice that your screenshot does not show you performing step 5 as defined in the original issue which I have copied below:

  1. mkdir test && cd test
  2. npm init -y
  3. npm i -D rollup
  4. Read package-lock.json - observe 18 OS/CPU@rollup/* package variants are listed
  5. rm package-lock.json
  6. npm i
  7. Read package-lock.json - observe only 1 OS/CPU @rollup/* package variant is now listed for the current platform

@kchindam-infy
Copy link

kchindam-infy commented Jan 2, 2025

@i-like-robots Hi performed all the steps which u mentioned not getting any issue what ur expecting . performed once again the issue obeserving 18 os/cpu package variants before deleting the package-lock.json and after deleting also the same result.performed step 5 also which u mentioned
Screenshot 2025-01-02 at 9 13 32 AM

@i-like-robots
Copy link
Author

i-like-robots commented Jan 3, 2025

To try and narrow this down @kchindam-infy - can you confirm the specs of the machine you're using? From your screenshot I can see that you're using a mac, is it an ARM chip too? For reference I am using a Macbook Pro with M1 pro CPU. Perhaps you could also share your npm config?

For the reference, here's the result using Node v23.5 and NPM v11:

Screenshot 2025-01-03 at 15 33 37

And my npm config:

; node bin location = /Users/xxx/.nvm/versions/node/v23.5.0/bin/node
; node version = v23.5.0
; npm local prefix = /Users/xxx/Projects/test
; npm version = 11.0.0
; cwd = /Users/xxx/Projects/test
; HOME = /Users/xxx
; Run `npm config ls -l` to show all defaults.

It looks like #8005 might also be related.

@kchindam-infy
Copy link

@i-like-robots
Screenshot 2025-01-03 at 8 46 51 AM

@i-like-robots
Copy link
Author

i-like-robots commented Jan 3, 2025

Thank you, I don't know what else to say in that case @kchindam-infy other than count yourself lucky! We have more than a dozen folks here with this problem, I can recreate it on all of my machines too, and I can see hundreds of commits and issues which reference #4828 😞

@kchindam-infy kchindam-infy added Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Jan 8, 2025
@kl13nt-tng
Copy link

kl13nt-tng commented Jan 16, 2025

Confirming this is also affecting a project I'm working on, even when node_modules isn't present. We use a package that depends on esbuild, the following happens:

  • When using npm v9.8.1 the lockfile includes all CPU variants of esbuild, including non Mac ones.
  • When using npm >=v10.9.0 the lockfile includes only CPU variants compatible with my current Mac system. This obviously breaks pipelines running different agent OS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug thing that needs fixing Priority 2 secondary priority issue
Projects
None yet
Development

No branches or pull requests

3 participants