[BUG] presence of overrides breaks ability to downgrade un-hoisted workspace dependencies #7028
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
If the root package.json defines any overrides, if you attempt to downgrade an un-hoisted workspace dependency via the CLI (e.g. npm install <specifierWithOlderVersion> --save-exact -w <workspace>), the command may succeed without actually doing anything. In npm <11.2 this affected all such downgrades, as of npm 11.2 it only affects certain ones (see the repro and notes). This only affects downgrades, you can always upgrade to a newer version.
Related to #7018 and exacerbated by #7019
Expected Behavior
Invoking the CLI to install a package should either 1. install the package or 2. display an error message explaining why it could not be installed.
Steps To Reproduce
Given package.json:
{
"workspaces": [
"packages/*"
],
"overrides": {
"doesnt-matter-can-be-anything": "1.2.3"
}
}And packages/my-cool-package/package.json:
{}And packages/another-cool-package/package.json:
{}Run:
npm i [email protected] --save-exact -w my-cool-package(hoisted tonode_modules/tiny-invariant)npm i [email protected] --save-exact -w another-cool-package(un-hoisted topackages/another-cool-package/node_modules/tiny-invariant)npm i [email protected] --save-exact -w another-cool-package- Note that the un-hoisted
0.0.3is still installed, and thepackage*.jsonfiles are unchanged since step 2
Other notes
Given the repro above:
- If you set
--prefer-dedupin step 3, then it does dedup correctly. - If you downgrade to a different version in step 3 (e.g. 0.0.1), then it does update correctly
- However if you remove
my-cool-packageentirely, then you can't downgrade tiny-invariant to any version inanother-cool-package
Environment
- npm: 11.2.0
- Node.js: 20.18.3
- OS Name: Mac OS Sequoia
- System Model Name: Macbook Pro
- npm config:
registry = "https://registry.npmjs.org/"