[BUG] npm install can potentially delete .git directory #1641
Comments
MylesBorins
added
Release 7.x
|
for the record, safe-publish-latest has a dep on yargs 7, which depends on camelcase. |
|
A couple notes before I vanish for the weekend. This bug is unrelated to any of the scripts being run by the package and with a bit of poking I've managed to find even stranger behavior... npm seems to be bringing folder back FROM THE DEAD $ git clone https://github.com/browserify/resolve.git
$ cd resolve
$ git checkout v1.17.0
$ rm -rf .git
$ rm -rf test/
$ rm -rf examples/
$ git init
$ git add .
$ git commit -m "Seriously wat"
$ npm installYou will notice that not only is the .git folder blown away, but test/ and examples/ is restored... something I can't for the life of me figure out how or why is happening. |
|
Ooh, this is a fun one. Note that it only happens if the folder is named For some reason, it's trying to reify the published |
|
Root cause: npm/arborist@909651d |
|
Fixed in beta branch. 5fb2177 |
|
It occurred to one of my developer on node 16.14.2 and npm 8.5.0. |
This behavior is only reproducible with a specific version of
resolve, but it is only reproducible on npm 7. I'm pretty sure the deletion of the .git folder is an unfortunate side effect of a missing dependency causing unexpected behavior insafe-publish-latest. This behavior is happening independent of--legacy-peer-depsCurrent Behavior:
npm install fails with the error
Error: Cannot find module 'camelcase', bails, and the .git folder is deletedExpected Behavior:
Modules to be installed and .git folder to not be affected.
Steps To Reproduce:
This will permanently damage the repo so please do it in a fresh install
$ git clone https://github.com/browserify/resolve.git $ cd resolve $ git checkout v1.17.0 $ npm installEnvironment:
OSX 10.15.6
Node.js v14.6.0
npm v7.0.0-beta.2
The text was updated successfully, but these errors were encountered: