[BUG] presence of `overrides` breaks ability to downgrade un-hoisted workspace dependencies

[jenseng]

Is there an existing issue for this?

• [X] I have searched the existing issues

This issue exists in the latest npm version

• [X] I am using the latest npm

Current Behavior

If the root package.json defines any overrides, if you attempt to downgrade an un-hoisted workspace dependency via the CLI (e.g. npm install <specifierWithOlderVersion> --save-exact -w <workspace>), the command succeeds but nothing actually happens. Note that this only affects downgrades, you can upgrade to a newer version.

Related to #7018 and exacerbated by #7019

Expected Behavior

Invoking the CLI to install a package should either 1. install the package or 2. display an error message explaining why it could not be installed.

Steps To Reproduce

Given package.json:

{
  "workspaces": [
    "packages/*"
  ],
  "overrides": {
    "doesnt-matter-can-be-anything": "1.2.3"
  }
}

And packages/my-cool-package/package.json:

{}

Run:

1. npm i [email protected] --save-exact -w my-cool-package (hoisted to node_modules/tiny-invariant)
2. npm i [email protected] --save-exact -w my-cool-package (un-hoisted to packages/my-cool-package/node_modules/tiny-invariant, seemingly due to #7019)
3. npm i [email protected] --save-exact -w my-cool-package
4. Note that 0.0.3 is still installed, and the package*.json files are unchanged since step 2

Environment

• npm: 10.2.4
• Node.js: 18.17.1
• OS Name: Mac OS Ventura
• System Model Name: Macbook Pro
• npm config:

registry = "https://registry.npmjs.org/"

[alpharder]

Same here, I'm using workspaces with install-strategy=shallow at .npmrc and any records at overrides are effectively ignored for dependencies of dependencies.