cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] uninstalling an optional peer dep doesnt remove it

Open mohd-akram opened this issue 4 years ago • 9 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

Uninstalling a package does not remove it from the node_modules folder, and does not remove it from package-lock.json.

Expected Behavior

https://docs.npmjs.com/cli/v8/commands/npm-uninstall

This uninstalls a package, completely removing everything npm installed on its behalf.

It also removes the package from the dependencies, devDependencies, optionalDependencies, and peerDependencies objects in your package.json.

Further, if you have an npm-shrinkwrap.json or package-lock.json, npm will update those files as well.

Steps To Reproduce

  1. Run:
mkdir npm-uninstall-test && cd npm-uninstall-test
npm init -y
npm install typeorm sqlite3
npm uninstall sqlite3
[ -e node_modules/sqlite3 ] && echo package still in node_modules
grep -q node_modules/sqlite3 package-lock.json && echo package still in package-lock.json

Environment

  • npm: 8.6.0
  • Node.js: v16.14.0
  • OS Name: Fedora 35
  • System Model Name: HP Laptop
  • npm config:
; "user" config from /home/user/.npmrc

prefix = "/home/user/.local" 

; node bin location = /usr/bin/node
; cwd = /home/user/npm-uninstall-test
; HOME = /home/user
; Run `npm config ls -l` to show all defaults.

mohd-akram avatar Apr 12 '22 11:04 mohd-akram

What does npm explain sqlite3 say? My guess is that it’s there because typeorm needs it.

ljharb avatar Apr 12 '22 14:04 ljharb 

[email protected] optional peer
node_modules/sqlite3
  peerOptional sqlite3@"^5.0.2" from [email protected]
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

It is an optional peer dependency. I should be able to uninstall it (it is not automatically installed when doing just npm install typeorm).

mohd-akram avatar Apr 12 '22 14:04 mohd-akram

Interesting edge case, thanks.

ljharb avatar Apr 12 '22 14:04 ljharb

Thanks for the report! I've also confirmed this with the following:

❯ npm i typeorm

added 63 packages, and audited 64 packages in 13s

❯ npm ls sqlite3
[email protected] /Users/lukekarrys/Documents/npm-sandbox/4737
└── (empty)

❯ npm i sqlite3

added 110 packages, and audited 174 packages in 4s

❯ npm explain sqlite3
[email protected]
node_modules/sqlite3
  sqlite3@"^5.0.2" from the root project
  peerOptional sqlite3@"^5.0.2" from [email protected]
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

❯ npm ls sqlite3
[email protected] /Users/lukekarrys/Documents/npm-sandbox/4737
├── [email protected]
└─┬ [email protected]
  └── [email protected] deduped

❯ npm uninstall sqlite3

up to date, audited 174 packages in 672ms

❯ npm ls sqlite3
[email protected] /Users/lukekarrys/Documents/npm-sandbox/4737
└─┬ [email protected]
  └── [email protected]

❯ npm explain sqlite3
[email protected] optional peer
node_modules/sqlite3
  peerOptional sqlite3@"^5.0.2" from [email protected]
  node_modules/typeorm
    typeorm@"^0.3.6" from the root project

lukekarrys avatar Apr 12 '22 20:04 lukekarrys

Is there a way to work around this in the meantime? I have some leftover optional peer dependencies that are causing issues due to version incompatibilities and I am hesitant to delete the whole package-lock.json just to fix this.

juona avatar May 25 '23 13:05 juona

I was experiencing the same while trying to remove the protractor (an optional peer for @angular-devkit/build-angular).

Unfortunately I haven't found any other solution except tinkering with package-lock.json

Den-dp avatar Sep 02 '23 21:09 Den-dp

I am hesitant to delete the whole package-lock.json just to fix this.

Don't need to. Open package-lock.json and remove relevant top-level entry for optional peer dep. Then run npm prune to remove leftovers.

Had this issue with leftover less and sass for vite and this helped.

Kagami avatar Nov 08 '23 17:11 Kagami

Simpler (but might not be ideal for everyone): delete package-lock.json and node_modules, then run npm i. The uninstalled dependency shouldn't come back.

Note: we could think that deleting package-lock.json and node_modules/.package-lock.json would be enough, and it does indeed work for unrelated dependencies (if a dependency was manually removed from package.json instead of using npm uninstall), but not here! It's really the whole node_modules folder that needs to be deleted.

Zwyx avatar Apr 08 '24 09:04 Zwyx

I've just had this with sass when switching to sass-embedded using latest npm (v10.2.4) - I've got a script for removing packages from package-lock.json that can be used to easily remove the leftover packages

G-Rath avatar Jul 20 '24 23:07 G-Rath