npm / cli

the package manager for JavaScript

Home Page:https://docs.npmjs.com/cli/


[BUG] Invalid package name ".DS_Store"

xiaozhuai opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Exec npm update -g.

npm error code EINVALIDPACKAGENAME
npm error Invalid package name ".DS_Store" of package ".DS_Store@*": name cannot start with a period.

npm error A complete log of this run can be found in: /Users/xiaozhuai/.cache/npm/_logs/2024-05-09T05_40_34_718Z-debug-0.log

2024-05-09T05_40_34_718Z-debug-0.log

If I remove .DS_Store with rm /opt/node/npm/lib/node_modules/.DS_Store, then it works.
I am on macOS, and I've set prefix=/opt/node/npm in .npmrc.

Environment

  • npm: 10.7.0
  • Node.js: v18.19.1
  • OS Name: macOS 14.4.1
  • System Model Name: MacBook Pro Apple M3 Max
  • npm config:
; "builtin" config from /opt/node/npm/lib/node_modules/npm/npmrc

; prefix = "/opt/homebrew" ; overridden by user

; "user" config from /Users/xiaozhuai/.npmrc

//registry.npmjs.org/:_authToken = (protected)
cache = "/Users/xiaozhuai/.cache/npm"
prefix = "/opt/node/npm"
strict-ssl = false

; node bin location = /opt/node/node/bin/node
; node version = v18.19.1
; npm local prefix = /opt
; npm version = 10.7.0
; cwd = /opt
; HOME = /Users/xiaozhuai

Why is prefix set?

> Why is prefix set?

I just want to customize it.

Why? npm only comes with node, so it should only be located in the location that node ships it in.

> Why? npm only comes with node, so it should only be located in the location that node ships it in.

I separated them.
I manually installed node to /opt/node/node, and set npm prefix to /opt/node/npm.

This has nothing to do with why I set the prefix; so far everything works fine with my configuration except for this issue.
It seems that npm did not use the correct filter results when scanning the global lib directory, which caused this problem.

And here is a related issue in old repo.
npm/npm#20493

prefix changes npm root -g, so it very well might be related. Have you tried a standard unmodified install to see if it's your modifications causing the problem?

> prefix changes npm root -g, so it very well might be related. Have you tried a standard unmodified install to see if it's your modifications causing the problem?

Would you please try the following steps to repro?

touch "$(npm config get prefix)/lib/node_modules/.DS_Store"
npm update -g

I definitely get the same error, but npm update -g isn't a command that should work anyways, since there's no global package.json to update. Global packages need to be updated manually, one at a time.

> npm update -g isn't a command that should work anyways.

The help message says it is ok.
<pkg> is optional.

Seems like two legit issues: a documentation error, as well as "it should be failing with a clearer message".

I bet npm update -g works fine, I often do it. This can easily update all global libraries.
The only problem is that .DS_Store is not filtered out correctly.
In addition to .DS_Store, there may be some other files that need to be filtered.
But at least all regular file types should be excluded from the results, and only the folder type should be kept as a package name.

BTW, npm list -g works fine with .DS_Store.

const paths = await readdirScoped(nm).catch(() => [])

I tried changing line 445 to the following, and it works.

const paths = (await readdirScoped(nm).catch(() => []))
        .filter(p => p !== '.DS_Store')

Maybe we should fix it in readdir-scoped.js

const { readdir } = require('fs/promises')
const { join } = require('path')
const readdirScoped = async (dir) => {
  const results = []
  for (const item of await readdir(dir)) {
    if (item.startsWith('@')) {
      for (const scopedItem of await readdir(join(dir, item))) {
        results.push(join(item, scopedItem))
      }
    } else {
      results.push(item)
    }
  }
  return results
}
module.exports = readdirScoped

Possibly better logic would be, to filter out anything that can’t be a valid package name?

> Possibly better logic would be, to filter out anything that can’t be a valid package name?

I agree. Maybe we should refer to npm list -g, since it works fine.
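
The filtering proposed in this thread (keep only folders, drop anything that cannot be a valid package name), as an added example that is not npm's code: it uses synchronous fs calls and a simplified name rule, and `scanNodeModules`, `plausibleName`, `isPackageEntry` and the `skipped` list are hypothetical names. Skipped entries are returned rather than dropped silently, so unexpected files in node_modules can still be reported.

```javascript
const fs = require('node:fs')
const os = require('node:os')
const path = require('node:path')

// Simplified name rule (assumption): npm's real rules live in the
// validate-npm-package-name package; only the checks relevant here are kept.
const plausibleName = (name) =>
  name.length > 0 && name.length <= 214 &&
  !/^[._]/.test(name) && name === encodeURIComponent(name)

// A package entry is a directory, or a symlink such as `npm link` creates.
const isPackageEntry = (ent) => ent.isDirectory() || ent.isSymbolicLink()

// Returns package paths plus every skipped entry, so stray files can be reported.
const scanNodeModules = (dir) => {
  const packages = []
  const skipped = []
  const classify = (ent, scope) => {
    const rel = scope ? `${scope}/${ent.name}` : ent.name
    if (isPackageEntry(ent) && plausibleName(ent.name)) packages.push(rel)
    else skipped.push(rel)
  }
  for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
    if (ent.name.startsWith('@') && ent.isDirectory()) {
      const scopeDir = path.join(dir, ent.name)
      for (const sub of fs.readdirSync(scopeDir, { withFileTypes: true })) {
        classify(sub, ent.name)
      }
    } else {
      classify(ent, null)
    }
  }
  return { packages: packages.sort(), skipped: skipped.sort() }
}

// Constructed fixture: a throwaway node_modules containing stray files.
const demo = () => {
  const nm = fs.mkdtempSync(path.join(os.tmpdir(), 'nm-'))
  try {
    fs.mkdirSync(path.join(nm, 'typescript'))
    fs.mkdirSync(path.join(nm, '@scope', 'pkg'), { recursive: true })
    const stray = ['.DS_Store', 'notes.txt', '@scope/.DS_Store']
    for (const f of stray) fs.writeFileSync(path.join(nm, f), '')
    return scanNodeModules(nm)
  } finally {
    fs.rmSync(nm, { recursive: true, force: true })
  }
}
console.log(demo())
```
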

commented

It looks like your operating system put an invalid name in your node_modules folder. npm can't support things like this, it has to assume everything in there is something it put there. It has to error to let you know that you are now going to get unexpected results.

npm update -g does work. Because there is no global manifest it will always update to the latest version.

The solution here is to remove those files that osx put there, and configure it to stop doing that.

> It looks like your operating system put an invalid name in your node_modules folder.

As we all know, macOS may place a .DS_Store file in any directory.

It's unimaginable that npm doesn't handle it.

> it has to assume everything in there is something it put there

Too idealistic.

> The solution here is to remove those files that osx put there, and configure it to stop doing that.

This is not a solution.

I'm starting to understand why npm is the default package manager distributed with node, but people still invent alternatives.

I will move to yarn or pnpm, whatever.