npm3 conflicting subdependencies and what ends up at the top level of node_modules

README.md

npm3 conflicting subdependencies and what ends up at the top level of node_modules

Linked to from http://lukecod.es/2015/12/04/npm3-top-level-nested-conflicting-dependencies/

In npm3 conflicting versions of shared sub-dependencies will end up at the top level based on which is installed first.

This isn't a problem, just something to be aware of in case you are relying on something being at the top of node_modules (which you really shouldn't be).

Usage

inhertits-1.tgz depends on inherits@^1.0.2 and inherits-2.tgz depends on inherits@^2.0.1

The scripts in package.json install them in different orders and then display the version from node_modules/inherits/package.json.

# npm i inherits-1.tgz && npm i inherits-2.tgz
> npm run order1
"version": "1.0.2"

# npm i inherits-2.tgz && npm i inherits-1.tgz
> npm run order2
"version": "2.0.1"

# npm i inherits-1.tgz inherits-2.tgz
> npm run order3
"version": "1.0.2"

# npm i inherits-2.tgz inherits-1.tgz
> npm run order4
"version": "1.0.2"

.gitignore

node_modules

inherits-1.tgz

inherits-2.tgz

package.json

{
  "name": "npm-toplevel-order",
  "version": "1.0.0",
  "author": "Luke Karrys",
  "license": "ISC",
  "private": true,
  "scripts": {
    "getversion": "cat node_modules/inherits/package.json | grep version | grep -o '[^ ].*'",
    "install1": "npm install ./inherits-1.tgz >/dev/null",
    "install2": "npm install ./inherits-2.tgz >/dev/null",
    "install3": "npm install ./inherits-1.tgz ./inherits-2.tgz >/dev/null",
    "install4": "npm install ./inherits-2.tgz ./inherits-1.tgz >/dev/null",
    "order1": "npm run rmnm && npm run install1 && npm run install2 && npm run getversion",
    "order2": "npm run rmnm && npm run install2 && npm run install1 && npm run getversion",
    "order3": "npm run rmnm && npm run install3 && npm run getversion",
    "order4": "npm run rmnm && npm run install4 && npm run getversion",
    "rmnm": "rm -rf node_modules"
  }
}