[BUG] Cannot set property 'peer' of null #5007
Comments
minecrawler
added
Bug
|
Specific steps to reproduce: git clone git@github.com:oguimbal/pgsql-ast-parser.git
cd pgsql-ast-parser
npm i; npm run build # this makes a dist build with a `package.json` in ./lib
cd ..
mkdir npm-cli-issue-5007-repro
cd npm-cli-issue-5007-repro
npm init -y
npm i -S pg-mem ../pgsql-ast-parser/lib... then edit "overrides": {
"pg-mem": {
"pgsql-ast-parser": "$pgsql-ast-parser"
}
}... then: npm i
npm i # yes, againThe second (and any subsequent) There seems to be a lot going wrong there :-) ... (not all of it necessarily relevant to this bug, but some of it for sure):
|
|
The "node_modules/pg-mem/node_modules/pgsql-ast-parser": {
"resolved": "node_modules/pgsql-ast-parser/lib",
"link": true
},and if I manually change that "node_modules/pg-mem/node_modules/pgsql-ast-parser": {
"resolved": "../pgsql-ast-parser/lib",
"link": true
},then the next ... but it changes the |
|
Running into this exact issue as well, trying to install Jest. Node 16.15.1 (latest LTS at the time of writing) The problem only seems to occur for me in a project with workspaces. Doesn't matter if I execute an install from the main package.json directory, or from any of the individual workspaces. However, MUCH MUCH WORSE is that just executing a straight This desperately requires a solution. In a project without workspaces set up, it works fine for me, but I can't just willy-nilly remove the workspaces feature from our projects for obvious reasons. Edit: same results with NPM 8.11 and 8.10, so this bug has existed for at least a while. This should give it elevated priority to get it fixed, since downgrading NPM is unrealistic. |
|
For me the node where it breaks: ArboristLink {
name: 'renewi-campaign',
version: '2.0.0',
location: 'node_modules/renewi-campaign',
path: 'C:\\Projects\\Renewi\\src\\VGW.Web\\Frontend\\node_modules\\renewi-campaign',
realpath: 'c:\\Projects\\Renewi\\src\\VGW.Web\\Frontend\\Campaign',
resolved: 'file:../Campaign',
dev: true,
optional: true,
isWorkspace: true,
edgesIn: Set(1) {
{ "" workspace renewi-campaign@file:C:\Projects\Renewi\src\VGW.Web\Frontend\Campaign }
},
target: null
}
I tried to monkey-patch the offending package by inserting various defenses to get |
|
Here's a workaround so that at least we can get back to work. In the @@ -30,7 +30,7 @@ const calcDepFlagsStep = (node) => {
resetParents(node, 'optional')
// for links, map their hierarchy appropriately
- if (node.isLink) {
+ if (node.isLink && node.target) {
node.target.dev = node.dev
node.target.optional = node.optional
node.target.devOptional = node.devOptional
@@ -100,11 +100,11 @@ const unsetFlag = (node, flag) => {
tree: node,
visit: node => {
node.extraneous = node[flag] = false
- if (node.isLink) {
+ if (node.isLink && node.target) {
node.target.extraneous = node.target[flag] = false
}
},
- getChildren: node => [...node.target.edgesOut.values()]
+ getChildren: node => [...(node.target?.edgesOut.values() ?? [])]
.filter(edge => edge.to && edge.to[flag] &&
(flag !== 'peer' && edge.type === 'peer' || edge.type === 'prod'))
.map(edge => edge.to),This makes installs go without errors, but of course I don't know if this is the right way to go. The root cause is the fact that |
|
running into this again and it's a big problem. What is the status of implementing a fix? |
|
This bug is even still in triage, so no fix in sight :( |
|
I've been running into this now too. We also have workspaces (single I've tested on versions 8.15.0 and 8.11.0, both are broken. |
|
I reinstalled node and still had the same issue. Only once I deleted I'm not saying this is the right thing to do, or that anyone should do it. I'm not entirely sure what the side effects might be. |
|
Still the same. A new version has been released since I posted my diff with a fix, and it appears it hasn't been included. The bug still exists. Let me reiterate how severe this is: we cannot install, update, or uninstall anything. We cannot even do an This DESPERATELY needs a proper fix. Who can we tag to escalate this issue to critical/blocking priority? |
|
It seems that a lot of bugs remain in triage for a very long time (up to 10 months as far as I saw) while other issues are removed from triage within hours. Even when we are not in triage anymore I don't think that would guarantee a fast resolution. Especially since there are only a few people affected while millions don't have the bug. So, I am not sure what the best way is with such a long bug tracker.... My solution is to change my workflow so I don't have to use NPM (or other package managers) anymore for the case in which I triggered the bug. It's even better / faster without NPM, so I'm not sad to have dropped it. It's not something everyone can do, though. |
|
I'd rather not go with a workaround. Besides, the number of people complaining is far smaller than the number of people affected. And if everyone would go with a workaround, NPM would not have any incentive to fix the bug. This would lead to hackery "solutions", like we've already seen way too many of in other fields of tech. The bug is provable, demonstrable, repeatable, persistent, and totally cripples NPM. It could potentially affect millions of people, because there seem to be several kinds of setups that may be a cause for this bug. I honestly don't see why this isn't enough to get someone to fix it properly, and release it within a week or so. There's no shame in having to perform a hotfix release, but there is definitely a lot more shame in letting crippling bugs linger. |
|
Ran in to this on NPM 8.13.2 after manually editing the |
|
Seems like the problem is actually in the package-lock.json file - when I revert my changes in package-lock after the first install of the new package, it installs again. I didn't have to remove node_modules. |
That's great, but when never having manually edited the package-lock, it should not cause any runtime errors like this. There for I would consider a manual edit of the package-lock to be a workaround, not a solution. |
Yup I agree with you 100% - just wanted to provide more details in case anyone knew how to fix it |
|
NPM devs - just ran into this again with the latest npm (8.19.2) that comes with Node.js 16.18.0. Can we please get an explanation of why this isn't bloody fixed yet? This issue BREAKS NPM ENTIRELY in these scenarios, how does that not give this issue highest possible priority?! Sorry about the tone of voice, but I'm sure you can understand why I'm getting a little bit cross on the appalling amount of progress being made. |
|
Oy! Any and all NPM devs! Why do you keep releasing new versions of NPM without fixing this issues that COMPLETELY BREAKS NPM. It's been way too long since this issue got reported, and it hasn't recieved the priority it deserves. Can you tell I'm getting a bit cross? Of course I am. I feel like this issue is getting ignored on purpose. This issue COMPLETELY AND UTTERLY BREAKS ALL NPM COMMANDS for certain codebases. How does this not get the utmost highest possible priority? Sorry guys/gals, but I would be deeply ashamed for a bug like this, and would probably drop everything and fix this before anything else gets done. I feel this is completely reasonable. Especially after FIVE BLOODY MONTHS of having this BLOCKING issue open without resolution. But instead, the opposite happens. Explain yourselves please. |
|
While all-caps shouting and “explain yourselves” is a little over the top 😊, the total silence here is discouraging. I mean literally it is now discouraging me from putting in work to make a useful bug report for the new npm bug I've found, because here I extracted minimal steps to reproduce and summarized the specific things that are going wrong, and ... no response. For half a year. That puts quite the damper on people's drive to help out the project. |
|
I think it's completely justified at this point. This is ridiculous. |
|
first off, i'd like to thank the folks who exercised restraint when expressing their frustration here. i know it's difficult, but your efforts to help us understand this bug as well as the proposed fix above are extremely appreciated. secondly, i would like to kindly remind folks that we are a very small team responsible for a large number of packages in a rapidly evolving code base. we do our best to triage issues as they come in, but due to the amount of issues we have as well developing new features and processes we often fall behind. while that unfortunately means that some issues do not receive the priority we would like, it does not mean that we are ignoring the issues or the people reporting them. i'm working on related parts of arborist this week and plan to take a deeper look at this. bear with us a bit longer and we'll get this fixed. |
|
@gthb your reproduction isn't working for me in npm@9, i actually get an unrelated error having to do with resolving the override in your example. i've fixed the unrelated error here and after that i'm still unable to make your reproduction work. does anyone else have a step-by-step reproduction they can share? i'm not convinced the pull request linked above fixes this issue |
I took a look and yep, it reproduces with those instructions up to and including v8.15.1 but not in v8.16.0 onwards. I git-bisected my way to 050284d which is the commit that causes this to no longer reproduce (EDIT: with my particular repro instructions). Before that commit, --- package-lock-noproblem.json 2022-12-13 22:10:53
+++ package-lock.json 2022-12-13 22:36:34
@@ -1859,6 +1859,10 @@
}
}
},
+ "node_modules/pg-mem/node_modules/pgsql-ast-parser": {
+ "resolved": "node_modules/pgsql-ast-parser/lib",
+ "link": true
+ },
"node_modules/pg-pool": {
"version": "3.5.2",
"resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.5.2.tgz",
@@ -1904,6 +1908,7 @@
"resolved": "../pgsql-ast-parser/lib",
"link": true
},
+ "node_modules/pgsql-ast-parser/lib": {},
"node_modules/picomatch": {
"version": "2.3.1",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
@@ -3957,6 +3962,11 @@
"moment": "^2.27.0",
"object-hash": "^2.0.3",
"pgsql-ast-parser": "file:../pgsql-ast-parser/lib"
+ },
+ "dependencies": {
+ "pgsql-ast-parser": {
+ "version": "file:node_modules/pgsql-ast-parser/lib"
+ }
}
},
"pg-pool": {after which the next But it's important to note that once So, others who are still experiencing this in npm versions v8.16.0 and newer (e.g. @thany), do you get it also with a |
lukekarrys
added
Priority 1
|
@ixalon This is still not resolved, unfortunately. Looks like your fix was published in |
|
Looks like there was a nefarious |
|
Still seeing this error for |
|
the same issue The npm command is run from the command line of Windows v10 x64:
what helps: not convenient but removing all node_modules folders from monorepo and |
|
I made an attempt to trace down the source of the problem, but not knowing much about the structure of the code, there is only so much I can do in a finite time. Somewhere the value of node.target (in link.js?) is being set to null or not being set. It's the latter that is the most difficult to isolate. I usually find a workaround, but what I really need is to find out where node.target is not getting set yet is still being used. |
|
I just posted this on a Microsoft discussion. It may give a clue to what may be going on though probably not in itself. Even then it indicates another nasty problem that has no easy solutions. ... I just figured out a nasty problem with WSL, but I don't have an answer. Windows and Linux have fundamentally different take on symbolic links. Windows has both junctions and symlinks (SYMLINKD). If I create a symbolic link in Linux, it is turned into a relative SYMLINKD. This is OK as long as I'm in the same directory but if I'm in node and install a link to another module, the SYMLINKD fails because it is in the wrong context! npm creates JUNCTIONS (absolute pointers) when run in Windows, but because it uses links in Linux, they become SYMLINKD in Windows and fail when evaluated in the wrong context with very nonobvious error messages. So I tried to be smart and create an absolute /mnt... link in Linux and it created a JUNCTION in Windows to "...." which obviously didn't work. JUNCTIONS have their own problems (I need to write about the wormhole bug I ran into due to them) but at least I can create tools if I move directories). But the SYMLINKD problem is harder to work around because I sometimes need to use WSL NPM when npm fails in Windows (which may be due to the problem I'm working around). This a textbook case of an impedance mismatch that is hard to work around without modifying the semantics of the file systems. And, even then, who knows what implicit dependencies are strewn around. |
|
To be clear this is absolutely not a Windows or WSL specific issue and has nothing to do with symlinks or npm link. This error occurs in all environments including plain Linux and without any symlinks involved. It's to do with npm getting confused whilst loading the package tree - especially in a monorepo (workspaces), but it can also happen without workspaces. |
|
You're probably right. But it is an issue that is difficult to solve so I may report it on its own |
|
import Arborist from '@npmcli/arborist'
const a = new Arborist()
await a.loadActual()I don't understand what the right fix is, but I'm able to workaround the issue by wrapping this part with a cli/workspaces/arborist/lib/node.js Lines 581 to 585 in 11e3c41 Because it seems that when this part below kicks in, it does not re-set the cli/workspaces/arborist/lib/node.js Lines 611 to 613 in 11e3c41 |
used fix suggested in npm#5007 (comment)
Related issues: - npm/cli#5007 Fixed via: pnpm/npm-cli@0af133e To reproduce in the pnpm repo, run `pnpm pack` in `store/store-path`.
|
Vue is facing this issue, too. But I'm not sure if it's our fault or npm's. Because the direct cause is a circular dependency: |
|
I am experiencing this issue with The package json contains file dependencies I have debugged the aborist code and the node that it visiting and throwing on is access to an arborist Link class. When the link class is constructed, the target property is set. Somewhere in the code the Deleting the node_modules resolves the problem, running an npm install a second time causes the error again |
|
I see this issue in the project with links to two sibling modules one which has dependency on anyther ArboristLink which trigger this issue is following additional information
Results in at the same time results in but results in Notice the difference in versions. |
|
Thanks very much for the additional details. It's worth noting that when I use WSL to run the identical command in Linux it works. The caveat is that Linux creates symlinks which do not work when dynamically importing to another app, so I have to work around it by converting the symlinks to junctions. |
|
I don't think it's solely an npm issue, but I've discovered a workaround for my workspace/monorepo setup. We were declaring workspaces layout like this: this a single If your use case truly requires matching all subfolders (e.g. |
|
It definitely isn't limited to workspaces with wildcards, though; we are seeing this in a monorepo where all the child projects are listed explicitly with no globs of any kind, neither |
lukekarrys
removed
the
Release 8.x
…#7579) <!-- What / Why --> If a node represents a symbolic link or a file dep (node.isLink is true), its target is expected to reference another node in the dependency tree. If the linking is not done correctly or is incomplete, node.target might be null. <!-- Describe the request in detail. What it does and why it's being changed. --> in this PR, a null check is added to ensure node.target is not null or before proceeding, which will prevent causing errors like: `npm error Cannot set properties of null (setting 'peer')` ## References Related to #7065, Fixes #6622, #5007, Closes #6622, #5007
and others
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
I can only hit this particular error in a certain directory with a certain package, but I can reproduce it over several npm versions and it's 100% of the time.
There are more examples available in #3711 (the author refuses to reopen the bug even though it is not fixed and people are hitting it!).
After having a working npm for years and not changing the config, I just ran into it on npm v8.1.4. Upgraded to v8.5.4 and the problem did not go away. Here's the log with the latest version (8.12.1):
I redacted the user and package name as they are company internals. I use a company artifactory with npm registry. However, this has worked for me before and is working for thousands of our developers as we speak, so I think it's a local problem with my npm.
Expected Behavior
npm i <package>installs the package successfullySteps To Reproduce
Environment
The text was updated successfully, but these errors were encountered: