npm default install command always runs if binding.gyp exists, and package install script is ignored #5234
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
- use npm 7 or 8
- package.json contains install script
- project root directory contains binding.gyp
- npm install results in default npm install command node-gyp rebuild running instead of the install script in package.json
It works correctly with npm 6.
Expected Behavior
Expect it to behave as documented:
If there is a binding.gyp file in the root of your package and you haven't defined your own install or preinstall scripts, npm will default the install command to compile using node-gyp via node-gyp rebuild
I assume this means:
If there is a binding.gyp file in the root of your package and you have defined your own install or preinstall scripts, npm will run your install and preinstall scripts and not default the install command to compile using node-gyp via node-gyp rebuild
Steps To Reproduce
- Create new directory with new package.json that has no dependencies
- See canvas has binding.gyp and an install script in package.json.
- npm i canvas@latest -S --verbose
- "install": "node-pre-gyp install --fallback-to-build --update-binary", in canvas package.json is NOT run but should be
- npm info run canvas@2.9.3 install node_modules/canvas node-gyp rebuild is run but should NOT be
- Behaves the same if canvas is added as a dependency in package.json and run npm install
npm timing build:link Completed in 14ms
npm info run bufferutil@4.0.6 install node_modules/bufferutil node-gyp rebuild
npm info run canvas@2.9.3 install node_modules/canvas node-gyp rebuild
npm info run utf-8-validate@5.0.9 install node_modules/utf-8-validate node-gyp rebuild
npm timing auditReport:getReport Completed in 2206ms
npm timing metavuln:packument:simple-get Completed in 0ms
npm timing metavuln:cache:get:security-advisory:simple-get:dbHiY3JnNP4Jr4742q+4dVLSv3XH7FpEftzGzOaOhPntyoPMZBTutjtG1UEIt3y0lLR8CJaI5/gMVJm6WwgYGg== Completed in 7ms
npm timing metavuln:load:security-advisory:simple-get:196538 Completed in 1ms
npm timing metavuln:calculate:security-advisory:simple-get:196538 Completed in 8ms
npm timing metavuln:packument:canvas Completed in 0ms
npm timing metavuln:cache:get:security-advisory:canvas:iM1APVjmhbDx0X3xpRuxOwUQvflbdVAPg0uVWMVNMm0wj7U/KvLbCf7/QXuuKtAJTVE+pHimM8kwJEs3s13Iog== Completed in 10ms
npm timing metavuln:load:security-advisory:canvas:dbHiY3JnNP4Jr4742q+4dVLSv3XH7FpEftzGzOaOhPntyoPMZBTutjtG1UEIt3y0lLR8CJaI5/gMVJm6WwgYGg== Completed in 1ms
npm timing metavuln:calculate:security-advisory:canvas:dbHiY3JnNP4Jr4742q+4dVLSv3XH7FpEftzGzOaOhPntyoPMZBTutjtG1UEIt3y0lLR8CJaI5/gMVJm6WwgYGg== Completed in 11ms
npm timing auditReport:init Completed in 80ms
npm timing reify:audit Completed in 2287ms
npm info run canvas@2.9.3 install { code: 1, signal: null }
npm timing reify:rollback:createSparse Completed in 421ms
npm timing reify:rollback:retireShallow Completed in 0ms
npm timing command:i Completed in 22622ms
npm verb stack Error: command failed
npm verb stack at ChildProcess.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/lib/index.js:63:27)
npm verb stack at ChildProcess.emit (node:events:527:28)
npm verb stack at maybeClose (node:internal/child_process:1092:16)
npm verb stack at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
npm verb pkgid canvas@2.9.3
npm verb cwd /Users/dev/Documents/dev/test
npm verb Darwin 21.5.0
npm verb node v16.16.0
npm verb npm v8.15.1
npm ERR! code 1
< non applicable lines removed >
npm ERR! gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /Users/dev/Documents/dev/test/node_modules/canvas
npm ERR! gyp ERR! node -v v16.16.0
npm ERR! gyp ERR! node-gyp -v v9.0.0
npm ERR! gyp ERR! not ok
npm verb exit 1
npm timing npm Completed in 22717ms
npm verb unfinished npm timer reify 1659048451229
npm verb unfinished npm timer reify:build 1659048471025
npm verb unfinished npm timer build 1659048471026
npm verb unfinished npm timer build:deps 1659048471026
npm verb unfinished npm timer build:run:install 1659048471044
npm verb unfinished npm timer build:run:install:node_modules/bufferutil 1659048471044
npm verb unfinished npm timer build:run:install:node_modules/canvas 1659048471063
npm verb unfinished npm timer build:run:install:node_modules/utf-8-validate 1659048471082
npm verb code 1
It seems the problem is identified here: #3341. arborist is making the decision of what install to run when it only has the manifest of the package, which does not include scripts.
This error prevents the install from being successful because all the binary dependencies needed to build canvas locally are not installed. Installing the dependencies every place the install is run is not feasible for us.
The workaround mentioned in #3341 of adding "hasInstallScript": true to package-lock.json is not feasible for us.
Environment
- npm -v 8.15.1
- node -v v16.16.0
- macOS 12.4
- System Darwin 21.5.0
- npm config ls:
; "user" config from /Users/dev/.npmrc
canvas_binary_host_mirror = "https://dev:<token removed>@statefarm.jfrog.io/artifactory/github-com-remote/Automattic/node-canvas/releases/download/"
disturl = "https://dev:<token removed>@statefarm.jfrog.io/artifactory/nodejs-org-download-release-remote/%"
fse_binary_host_mirror = "https://dev:<token removed>@statefarm.jfrog.io/artifactory/fsevents-binaries-aws-remote/"
proxy = "http://in00pxy1.opr.statefarm.org:8000/"
registry = "https://statefarm.jfrog.io/artifactory/api/npm/npm-virtual/"
; "project" config from /Users/dev/Documents/dev/test/.npmrc
; node bin location = /usr/local/bin/node
; node version = v16.16.0
; npm local prefix = /Users/dev/Documents/dev/test
; npm version = 8.15.1
; cwd = /Users/dev/Documents/dev/test
; HOME = /Users/dev
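
A way to check a project for the condition described in this issue, as an added example (not code from npm or from the issue author): it applies the documented rule to each package on disk and lists lockfile entries that lack "hasInstallScript": true even though the package ships binding.gyp and its own install or preinstall script. It assumes a lockfileVersion 2 or 3 package-lock.json with a "packages" map; the sample tree and its package names are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Documented rule: a binding.gyp in the package root defaults the install
// command to "node-gyp rebuild" only when no install/preinstall script exists.
function expectedInstall(pkgDir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const scripts = manifest.scripts || {};
  const hasGyp = fs.existsSync(path.join(pkgDir, 'binding.gyp'));
  if (scripts.install || scripts.preinstall) {
    return { hasGyp, source: 'package.json', command: scripts.install || null };
  }
  return { hasGyp, source: hasGyp ? 'default' : 'none', command: hasGyp ? 'node-gyp rebuild' : null };
}

// Report lockfile entries that lack "hasInstallScript": true although the
// package on disk ships binding.gyp plus its own install/preinstall script.
function auditLock(root) {
  const lock = JSON.parse(fs.readFileSync(path.join(root, 'package-lock.json'), 'utf8'));
  const findings = [];
  for (const [location, entry] of Object.entries(lock.packages || {})) {
    if (location === '') continue; // "" is the root project itself
    const expected = expectedInstall(path.join(root, location));
    if (expected.hasGyp && expected.source === 'package.json' && entry.hasInstallScript !== true) {
      findings.push({ location, expected: expected.command });
    }
  }
  return findings;
}

// Constructed sample tree (hypothetical package names), written to a temp dir.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'gyp-audit-'));
  const lock = { lockfileVersion: 2, packages: { '': { name: 'demo' } } };
  const add = (name, scripts, lockEntry) => {
    const dir = path.join(root, 'node_modules', name);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version: '1.0.0', scripts }));
    fs.writeFileSync(path.join(dir, 'binding.gyp'), '{}');
    lock.packages[`node_modules/${name}`] = lockEntry;
  };
  add('prebuilt-addon', { install: 'node-pre-gyp install --fallback-to-build' }, { version: '1.0.0' });
  add('flagged-addon', { install: 'node-pre-gyp install --fallback-to-build' }, { version: '1.0.0', hasInstallScript: true });
  add('plain-addon', {}, { version: '1.0.0' });
  fs.writeFileSync(path.join(root, 'package-lock.json'), JSON.stringify(lock));
  return root;
}

console.log(auditLock(buildSample()));
```

Each finding names a package whose own install script is the one the documentation says should run, so a node-gyp rebuild line for it in the verbose install log matches the behaviour reported here.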