[BUG] Critical issue with npm link --install-links --save ../package/ deleting the package directory!

[glen-84]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

I have two local packages that I need to link, and since regular linking is so broken, I decided to use the new install-links option. Linking one package removes the other, so I added --save.

This is the output from the first link command (npm link --install-links --save ../api-client-js/):

npm WARN tarball tarball data for @company/api-client@file:/home/glen/development-environment/projects/api-client-js (null) seems to be corrupted. Trying again.
npm WARN tarball tarball data for @company/api-client@file:/home/glen/development-environment/projects/api-client-js (null) seems to be corrupted. Trying again.
npm WARN cleanup Failed to remove some directories [
npm WARN cleanup   [
npm WARN cleanup     undefined,
npm WARN cleanup     AssertionError [ERR_ASSERTION]: rimraf: missing path
npm WARN cleanup         at rimraf (/home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/node_modules/rimraf/rimraf.js:54:3)
npm WARN cleanup         at node:internal/util:360:7
npm WARN cleanup         at new Promise (<anonymous>)
npm WARN cleanup         at rimraf (node:internal/util:346:12)
npm WARN cleanup         at /home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:532:20
npm WARN cleanup         at Array.map (<anonymous>)
npm WARN cleanup         at Arborist.[rollbackCreateSparseTree] (/home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:532:8)
npm WARN cleanup         at Arborist.[reifyPackages] (/home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:235:31)
npm WARN cleanup         at async Arborist.reify (/home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:155:5)
npm WARN cleanup         at async Link.linkInstall (/home/glen/.nvm/versions/node/v16.15.0/lib/node_modules/npm/lib/commands/link.js:86:7) {
npm WARN cleanup       generatedMessage: false,
npm WARN cleanup       code: 'ERR_ASSERTION',
npm WARN cleanup       actual: undefined,
npm WARN cleanup       expected: true,
npm WARN cleanup       operator: '=='
npm WARN cleanup     }
npm WARN cleanup   ]
npm WARN cleanup ]
npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /home/glen/development-environment/projects/api-client-js/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/home/glen/development-environment/projects/api-client-js/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/glen/.npm/_logs/2022-05-05T16_02_41_713Z-debug-0.log

This DELETED the contents of the api-client-js directory! I thought I was going crazy. Then it happened again.

I am very lucky that I have a backup of the local changes to this package.

Expected Behavior

Not to delete my package. 😐

... and to install the link, and save it.

Steps To Reproduce

1. Use npm link --install-links --save ../some-package/ from another package.
2. Watch the contents of some-package disappear.

Environment

• npm: 8.9.0
• Node.js: 16.15.0
• OS Name: Debian GNU/Linux 11 (bullseye) (via WSL2)
• System Model Name: n/a
• npm config:

; "project" config from /home/glen/development-environment/projects/website/.npmrc

@company:registry = "https://gitlab.com/api/v4/packages/npm/"
//gitlab.com/api/v4/packages/npm/:_authToken = (protected)

; node bin location = /home/glen/.nvm/versions/node/v16.15.0/bin/node
; node version = v16.15.0
; npm local prefix = /home/glen/development-environment/projects/website
; npm version = 8.9.0
; cwd = /home/glen/development-environment/projects/website
; HOME = /home/glen
; Run `npm config ls -l` to show all defaults.

[jaikme]

Same here.
I do not know what happens,
I think was npm link -D ../repo/packages/some_package
Using npm v8.12.1

My .npmrc :

engine-strict=true
package-lock=false
install-links=true

[laggage]

Same here, with --install-links, npm link will delete all items under the package folder , horrible...

[laggage]

Four months passed since the issue created. Anyone knowns when can we get a fix for this or is there a temporary workround?

[yogeshwar-chaudhari-20]

I came across this issue this afternoon. Kind of freaked out, to be honest. You guys came across any workarounds for linking local npm packages when using npm v8??

[le-noceur]

hey @glen-84 ,

Not sure if it would help you, but I am using NPM link without --install-links.

What I do is to run NPM install on the package(sub-package) I want to link to the main project before linking it and it is working for me, The dependencies work well, this way it may not brake your other packages.

It did not work for me using NPM install (it makes sense). In this case the --install-links saved me but I am still going back and forward with testing using different scenarios to see which one would be my best option.

That being said, Depending on how tomorrow goes I will edit this comment.

Hope it helps.

[Santoshraj2]

@glen-84 I tried reproducing this bug with the steps mentioned, In attached screenshot you can see we are installing packageA from packageB with same command but nothing gets deleted. Can you share some sample repository which can be cloned to reproduce this bug?

[Santoshraj2]

This has been tried on latest as well as given version, but its not reproducing.

[glen-84]

@Santoshraj2

The npm version in your screenshot is neither the version that I specified, nor the latest version. I was also running on Linux, using a scoped package, etc.

With that said, I don't have a sample repository, and I'm not really working with node/npm lately, so this issue is not a high priority for me.

Perhaps one of the other affected users can provide a reproduction, otherwise feel free to close the issue.

[Santoshraj2]

From recent NPM

[Santoshraj2]

I am able to reproduce in original mentioned version(8.9.0) but not in the latest.. closing.