[BUG] Overrides are not updating after running npm install #4232
Comments
Also facing it on 8.3.2 |
It's reproducible on NPM v
|
Same issue here. OS: MacOS 11.3.1 |
Experiencing the same issue. |
Same here:
|
Wanted to clarify that for some variations of this scenario, the results are even worse than "
# Baseline setup, all as expected
> node --version
v16.14.0
> npm --version
8.4.1
> mkdir npm-cli-4232-repro && cd npm-cli-4232-repro && git init && npm init -y
> npm install is-odd
> rg '\"version\"' ./node_modules
./node_modules\is-number\package.json
4: "version": "6.0.0",
./node_modules\is-odd\package.json
4: "version": "3.0.1",
> git add package*.json && git commit -m 'before override'
# Now edit package.json adding "overrides": { "is-number": "5.0.0" }
# Expected behavior: npm install should update the lockfile and installed versions such that the override to v5.0.0 is satisfied
> npm install
# Actual behavior: the installed version of is-number remains 6.0.0, not 5.0.0
> rg '\"version\"' ./node_modules
./node_modules\is-number\package.json
4: "version": "6.0.0",
./node_modules\is-odd\package.json
4: "version": "3.0.1",
# Actual behavior: package-lock.json is only partially updated.
# A reviewer skimming the most obvious version number change will see that the is-odd requires section correctly indicates 5.0.0
# However, the is-number entry in dependencies is incorrectly still referencing 6.0.0
> git diff package-lock.json
diff --git a/package-lock.json b/package-lock.json
index 894fae9..2b7850b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,8 +34,7 @@
},
"dependencies": {
"is-number": {
- "version": "6.0.0",
- "resolved": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz",
+ "version": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz",
"integrity": "sha512-Wu1VHeILBK8KAWJUAiSZQX94GmOE45Rg6/538fKwiloUu21KncEkYGPqob2oSZ5mUT73vLGrHQjKw3KMPwfDzg=="
},
"is-odd": {
@@ -43,7 +42,7 @@
"resolved": "https://registry.npmjs.org/is-odd/-/is-odd-3.0.1.tgz",
"integrity": "sha512-CQpnWPrDwmP1+SMHXZhtLtJv90yiyVfluGsX5iNCVkrhQtU3TQHsUWPG9wkdk9Lgd5yNpAg9jQEo90CBaXgWMA==",
"requires": {
- "is-number": "^6.0.0"
+ "is-number": "5.0.0"
}
}
}
Once the user is in this scenario, both (Node 16.14.0, npm 8.4.1, Windows 11 21H2 22000.493) |
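Review bot: the `requires` edge under `is-odd` now reads `"is-number": "5.0.0"`, but nothing in this diff moves the locked `is-number` entry to 5.0.0, so the lockfile contradicts itself and its most visible change suggests the override was applied when it was not. Before approving, confirm that the `is-number` entry under `dependencies` and the installed `node_modules/is-number/package.json` both report 5.0.0.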
Overrides not working at all with npm 8.4.1, e.g.:
|
[email protected], I can confirm it still doesn't work with this version |
[email protected], node v16.13.2, Windows 10 21H2, same issue. |
This issue is attracting some general "overrides don't work for me at all" comments in addition to the specific original reported issue, so it might be worth mentioning a couple of things to check for that can cause overrides to not work at all:
So if it seems overrides don't work at all, and you think this issue might be related, do |
8.x is a range that resolves to the latest version only; iow, to 8.5.4 as of this writing. |
If that's the case, it should be written more clearly that it's latest version only, IMO. I was not the only one here that tested on 8.1.2. I think it would be beneficial having a "since 8.x.y" written for each property in the documentation. It would be helpful for folks like me that can't always use latest. There's no need to fish through npm's changelog to check that :) |
That sounds like it’d be a great improvement; node’s docs tell you which versions each thing landed in and it’s very helpful. |
In case it helps anyone, running Running |
Same as @amerikan using npm 8.3.1 or latest (8.5.4) on osx arm64 |
Can all of you try latest npm, 8.5.4 I think? |
I am seeing this issue on npm 8.5.4 |
Can confirm I also seem to be seeing this and #4322 with npm 8.5.4 while investigating migrating from yarn v1 to npm v8. My working branch is here if it helps: https://github.com/defencedigital/mod-uk-design-system/compare/spike/npm-v8-2 The project uses workspaces and the overrides are in the root In that example, |
In case it helps, my specific scenario correctly sees the override applied to the first-level package. Where it fails is in the much-deeper instance. I'm not familiar with the internals of npm's tree generation, but this coincides with a working override for the dependency in the root of node_modules but not for the nested version. OS: MacOS 12.3.1
|
If you're in a workspace, move the override to the root package.json. That works for me. |
Note that the INITIAL install will abide by the override rules set, and the subsequent installs (e.g., run npm install twice) will ignore overrides. |
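The check below is an added example, not code from npm or from any commenter: it compares exact-version `overrides` in package.json with what package-lock.json actually locks, which is the mismatch reported throughout this thread. The function names and the sample lockfile are constructed for illustration; the tarball URL in the sample is the one from the diff posted earlier.

```javascript
// Added example (not npm's code): flag lockfile entries that contradict
// exact-version overrides. Range overrides such as "^4.17.3" are skipped,
// since checking them needs a semver library.

// npm normally stores "x.y.z" in "version"; the diff in this thread shows a
// tarball URL there instead, so recover the version from the file name.
function lockedVersion(entry) {
  const v = String(entry.version || '');
  const m = v.match(/-(\d+\.\d+\.\d+[^/]*)\.tgz$/);
  return m ? m[1] : v;
}

function findOverrideViolations(pkg, lock) {
  const exact = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
  const pins = Object.entries(pkg.overrides || {})
    .filter(([, spec]) => typeof spec === 'string' && exact.test(spec));
  const problems = [];
  const check = (where, name, want, entry) => {
    const locked = lockedVersion(entry);
    if (locked !== want) problems.push({ where, name, locked, want });
  };
  for (const [name, want] of pins) {
    // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages || {})) {
      if (path.endsWith('node_modules/' + name)) check(path, name, want, entry);
    }
    // lockfileVersion 1 and 2: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [dep, entry] of Object.entries(deps || {})) {
        const here = trail.concat(dep);
        if (dep === name) check(here.join(' > '), name, want, entry);
        walk(entry.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return problems;
}

// Constructed sample modelled on the package-lock.json diff posted above.
const samplePkg = { overrides: { 'is-number': '5.0.0' } };
const sampleLock = {
  lockfileVersion: 2,
  packages: { 'node_modules/is-number': { version: '6.0.0' } },
  dependencies: {
    'is-number': { version: 'https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz' },
    'is-odd': { version: '3.0.1', requires: { 'is-number': '5.0.0' } },
  },
};
console.log(findOverrideViolations(samplePkg, sampleLock));
```

To use it on a project, pass the parsed package.json and package-lock.json and fail the build when the result is non-empty, so a silently ignored override cannot leave an unpatched transitive dependency in place.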
This problem still exists for workspaces. We spent 2 weeks migrating a monorepo with ~30 microservices and ~50 modules to npm workspaces X turborepo. Are there at least any updates IF or WHEN this will be fixed? |
Same, I was able to reproduce this issue |
I'm seeing this issue on When doing
My
I've also tried:
and,
and even,
with no difference. Another oddity I noticed - if I edit If I change Potentially even worse than this (eg. other than the error on
I may try updating (however this particular dev machine is on |
so is there any solution here? |
I can confirm this is the behavior in the latest
```json
{
  "name": "test",
  "version": "1.0.0",
  "engines": {
    "npm": ">=8.3.0"
  },
  "dependencies": {
    "json-server": "^0.17.0"
  },
  "overrides": {
    "json-server": {
      "package-json": "7.0.0"
    }
  }
}
```
From the above it can be concluded that the |
I have not gone through all the reports in this thread since it was closed. But I did check #4232 (comment) from @samuliasmala and I have confirmed that issue, so I opened a new issue for it here #5850. If anyone else has a different issue than that, it's most helpful if you can open a new issue with your reproduction. |
Uninstalling and reinstalling just the package for which the override was defined seems to be sufficient:
(With |
Doesn't work with latest npm version for firebase-tools at all:
```
❯ npm --version
9.2.0
❯ jq .overrides package.json
{
  "express": "^4.17.3",
  "got": "^11.8.5"
}
❯ npm uninstall firebase-tools
removed 687 packages, and audited 872 packages in 6s
104 packages are looking for funding
  run `npm fund` for details
found 0 vulnerabilities
❯ npm install -D firebase-tools
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
added 687 packages, and audited 1559 packages in 9s
130 packages are looking for funding
  run `npm fund` for details
10 vulnerabilities (6 moderate, 4 high)
To address all issues, run:
  npm audit fix
Run `npm audit` for details.
```
I've tested many combinations without much luck:
```json
{
  "overrides": {
    "firebase-tools": {
      "express": "^4.17.3",
      "got": "^11.8.5"
    }
  }
}
```
```json
{
  "overrides": {
    "firebase-tools": {
      ".": "$firebase-tools",
      "express": "^4.17.3",
      "got": "^11.8.5"
    }
  }
}
```
```json
{
  "overrides": {
    "firebase-tools": {
      ".": "$firebase-tools",
      "express": "^4.17.3",
      "package-json": {
        "got": "^11.8.5"
      }
    }
  }
}
```
|
This works for me, thank you very much for sharing!!! In this case I didn't need to remove the |
It never works for me. Trying to override
In /node_modules/react-powerglitch/package.json, after trying everything above, like deleting both node_modules and package-lock.json
|
I spent a day on the issue and it feels like the bug only reveals when a dependency has its own |
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
After updating the overrides, `npm install` is not updating the `package.lock` or `node_modules`. To make it work I had to remove both `package.lock` and `node_modules`, then the overrides have been applied.
Expected Behavior
Change in `overrides` should update `package.lock` and `node_modules` after running `npm install`
Steps To Reproduce
Environment
; copy and paste output from `npm config ls` here