Open
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
When a project is packaged with a local dependency included in bundledDependencies:
- Installing the package results in repeated warnings about tarball corruption
- NPM fails to resolve the bundled dependency
Error Output
npm warn tarball tarball data for some-dependency@file:../somewhere-outside-of-this-project.tgz (null) seems to be corrupted. Trying again.
npm warn tarball tarball data for some-dependency@file:../somewhere-outside-of-this-project.tgz (null) seems to be corrupted. Trying again.
npm error code ENOENT
npm error syscall open
npm error path /path/to/project/node_modules/some-dependency
npm error errno -2
npm error ENOENT: no such file or directory, open '/path/to/project/node_modules/some-dependency'Impact
Breaks packaging and distribution of projects with local dependencies that were previously working correctly.
Expected Behavior
- The package should be installable without errors
- The local dependency should be resolvable from the bundled
node_modules
Steps To Reproduce
{
"name": "example-project",
"version": "1.0.0",
"dependencies": {
"some-dependency": "file:../somewhere-outside-of-this-project.tgz"
},
"bundledDependencies": [
"some-dependency"
]
}- Create a project with a local dependency installed
- Add the dependency to
bundledDependencies - Run
npm packto create the package - Attempt to install the packed package in a different project
Environment
- npm: >=10.3.0
- Node.js: >=20.11.1
- OS Name: MacOS
- System Model Name: Macbook Pro 2021
- npm config:
; node bin location = /Users/[confidential]/.nvm/versions/node/v20.11.1/bin/node
; node version = v22.13.1
; npm local prefix = [confidential]
; npm version = 10.9.2
; cwd = [confidential]
; HOME = [confidential]
; Run `npm config ls -l` to show all defaults.```