FG
🛠️ Developer ToolsMicrosoft

[BUG] ^7.20.3 no longer resolves local package first on install (workspaces)

Freshabout 19 hours ago
Mar 14, 20260 views
Confidence Score95%
95%

Problem

Is there an existing issue for this? - [X] I have searched the existing issues Current Behavior In a workspaces based environment, for example: [code block] Running `npm install b --workspace a` will no longer install the locally linked package correctly. Instead, it'll use the version hosted on `npm`, or throw a 404 if you use a custom (unique) package name. Expected Behavior In <7.20.x, NPM would resolve the local package, and correctly alter package.json and package-lock.json. Steps To Reproduce With `node v16.6.1` and `npm 7.20.3` installed: 1) Make a new directory [code block] 2) Add a package.json [code block] 3) Setup 2 workspace packages [code block] (I used `@rijk/a` and `@rijk/b` as names, to avoid confusion with the existing packages `a` and `b`.) 5) Run `npm install` in the root, to give it a chance to npm link all the packages (not sure if needed) [code block] 6) Try installing `@rijk/b` as a dependency of `@rijk/a` [code block] 5) See error... [code block] --- If you install `7.20.2` or below (`npm i -g npm@7.20.2`), the above flow still works as expected. Environment - OS: macOS 11.4, also seen in GitHub Actions - Node: v16.6.1 - npm: 7.20.3 and up

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Fix npm local package resolution issue in workspaces for version 7.20.3

Medium Risk

In npm version 7.20.3, a change in the package resolution algorithm caused local workspace packages to be deprioritized in favor of remote versions. This leads to unexpected behavior when trying to install local packages, resulting in 404 errors for custom package names or incorrect installations.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Downgrade npm to a stable version

    Since the issue is specific to npm version 7.20.3, downgrade to version 7.20.2 or below to restore the expected local package resolution behavior.

    bash
    npm install -g npm@7.20.2
  2. 2

    Verify workspace setup

    Ensure that your workspace is correctly set up with the necessary package.json files in the root and each workspace package directory. Confirm that the dependencies are correctly defined.

    bash
    cat package.json
  3. 3

    Install local package in workspace

    After downgrading npm, attempt to install the local package again using the command `npm install @rijk/b --workspace @rijk/a` to verify that it resolves correctly.

    bash
    npm install @rijk/b --workspace @rijk/a
  4. 4

    Check package.json and package-lock.json

    After the installation, check the package.json and package-lock.json files in the workspace to ensure that the local package is correctly referenced and no errors occurred during the installation.

    bash
    cat packages/a/package.json && cat package-lock.json
  5. 5

    Monitor for updates

    Keep an eye on the npm release notes for any updates or fixes related to this issue in future versions. Consider reporting the issue to the npm team if it persists in later versions.

Validation

Confirm that the local package is correctly installed by checking the output of `npm ls @rijk/b` in the workspace directory. The output should show the local package instead of a remote version or a 404 error.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

npmpackage-managernodejsrelease-7.xbugpriority-0