cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] Extraneous packages are installed with `--workspaces=false` and `--omit=dev`

Open sgerace opened this issue 2 years ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

I'm attempting to install only the production packages at the root of a project containing workspaces. Utilizing npm install --workspaces=false --omit=dev, I would expect to (a) ignore workspaces (as described by npm-install) AND (b) ignore devDependencies. However, in certain situations, extraneous packages are still being installed.

Expected Behavior

Utilizing npm install --workspaces=false --omit=dev from the root of a project I would expect only dependencies from the root of the project to be installed.

Steps To Reproduce

  1. Create the following project containing a package.json at the project root and one workspace:

Project structure:

.
+-- package.json
`-- workspace-a
    `-- package.json

./package.json contents:

{
    "name": "npm-workspace",
    "devDependencies": {
        "eslint": "^8.0.0"
    },
    "workspaces": [
        "workspace-a"
    ]
}

./workspace-a/package.json contents:

{
    "name": "npm-workspace-a",
    "dependencies": {
        "express": "4.18.1"
    }
}
  1. Run the following command: npm install --workspaces=false --omit=dev

In this case, I would not expect any modules to be installed since --omit=dev should omit the eslint dev dependency at the root and --workspaces=false should omit the express dependency within workspace-a. However, when I run this command, the inherits package is installed, which appears to be a downstream dependency of BOTH express (inherits > http-errors > express) AND eslint (inherits > glob > rimraf > flat-cache > file-entry-cache > eslint). I haven't examined the entire tree to determine if this is the only package that is in common to express and eslint, however, in a more complex example I was seeing many packages installed (presumably the ones that were in common between the root package and workspace) so it is possible that the issue is related to packages that are in common within the two dependency trees.

Environment

  • npm: 9.8.1
  • Node.js: v18.16.0
  • OS Name: macOS
  • System Model Name: Macbook Pro

sgerace avatar Aug 02 '23 20:08 sgerace