cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] NPM fails to globally install packages from TGZ bundle without Internet connection

Open t1m0thyj opened this issue 4 years ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

On Windows, npm@8 fails to globally install packages like pacote from a TGZ bundle without an Internet connection.

The impacted use case is installing a CLI package (that depends on pacote) from a TGZ with all dependencies bundled. As a workaround, enterprise users of our package who are behind a restrictive firewall or proxy must downgrade to npm@6.

Expected Behavior

The install should succeed without access to the NPM registry since all transitive dependencies are bundled in the TGZ. It already succeeds in the following environments:

  • Windows + npm@6
  • Linux + npm@8
  • macOS + npm@8

Steps To Reproduce

  1. Create an npm package that includes pacote as a bundled dependency and pack it as a TGZ:
    • npm init -y
    • npm install pacote
    • edit package.json to define "bundledDependencies": ["pacote"]
    • npm pack
  2. In a Windows environment with npm@8, disable access to the NPM registry:
    • An easy way to do this: npm config set -g proxy http://proxy.invalid
    • An alternate method: launch a Windows Sandbox, install Node.js, and disable the network connection
  3. Clear the npm cache: npm cache clean --force
  4. Run npm install -g <tgzFile> where "<tgzFile>" is the path to the TGZ file packed in step 1
  5. See one of the following errors (depending on how you disabled access to the NPM registry in step 2): 
    npm ERR! errno ENOTFOUND
npm ERR! network request to https://registry.npmjs.org/encoding failed, reason: getaddrinfo ENOTFOUND proxy.invalid
npm ERR! network This is a problem related to network connectivity.

    npm ERR! errno ENOENT
npm ERR! enoent request to https://registry.npmjs.org/encoding failed, reason: getaddrinfo ENOENT registry.npmjs.org
npm ERR! enoent This is related to npm not being able to find a file.
    Although the transitive optional dependency encoding is bundled in the TGZ, NPM tries to download it from the Internet.

I've created a GitHub repo to demonstrate the issue. The TGZ bundle is here and the install failure can be seen here.

Environment

  • npm: 8.3.2
  • Node.js: 16.13.0
  • OS Name: Windows 10 Enterprise

t1m0thyj avatar Jan 26 '22 17:01 t1m0thyj

i'm not able to reproduce this in npm 8.5.3, can you try that out and see if you're still experiencing this problem?

nlf avatar Mar 08 '22 19:03 nlf

Sorry for the delay in responding. I was still able to reproduce the issue in npm 8.5.3 and 8.5.4 (failing build), but now it has been resolved in 8.5.5 (passing build) 🙂

I know I can update to 8.5.5 with npm install -g npm, but since many Node.js users stick with the bundled version of npm, do you have an idea of how soon we can expect npm 8.5.5 to be bundled with Node.js 16.x?

t1m0thyj avatar Mar 18 '22 13:03 t1m0thyj

Does the problem also occur when you use bundleDependencies instead of bundledDependencies? Although they are supposed to work the same, there are some issues with bundledDependencies as mentioned in #5167. This solved a similar issue for me with npm 8.3.1 on Linux.

rveerd avatar Jul 15 '22 11:07 rveerd

Closing since the issue was fixed in [email protected] (bundled with Node.js 16.15.0 and later).

t1m0thyj avatar Aug 18 '22 18:08 t1m0thyj