[BUG] unable to install latest versions of transitive dependencies, overrides & engine requirements silently ignored #8863
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
With a specific npm package, npm install doesn't install the latest versions of transitive dependencies that meet the requirements, silently ignores overrides and engine requirements of transitive dependencies.
NOTE: The reproduction steps show that node is installed via nodenv; the same steps, however, reproduce the issue when executed in a fresh node:24 docker container.
Expected Behavior
Latest available versions of transitive dependencies are used, requirements are honored if possible or an error is given if not possible, engine version mismatch is reported on npm install.
Steps To Reproduce
With Node 24 and npm 11.7.0, create an empty folder with the following package.json:
{
"dependencies": {
"@sap/cds-dk":"9.5.0"
}
}
and the following .npmrc:
engine-strict = true
Run npm install and npm ls @sap/xsenv. The output is:
<toplevel package>
└─┬ @sap/[email protected]
└─┬ @sap/[email protected]
└── @sap/[email protected]
Remove all files except package.json and .npmrc and run bun install and bun why @sap/xsenv (can also be reproduced with e.g. yarn, or by simply manually verifying that the expected versions actually exist and satisfy the requirements). The output is:
@sap/[email protected]
└─ @sap/[email protected] (requires ^6.0.0)
├─ @sap/[email protected] (requires ^5)
└─ @sap/[email protected] (requires ^5)
└─ @sap/[email protected] (requires >=2)
Again remove everything and add the following to package.json:
"overrides": {
"@sap/hdi-deploy": "5.6.0"
}
Run npm install and npm ls @sap/xsenv again. The hdi-deploy override is silently ignored and the output is the same as before. Finally, run npm ci. The output is
npm error code EBADENGINE
npm error engine Unsupported engine
npm error engine Not compatible with your version of node/npm: @sap/[email protected]
npm error notsup Not compatible with your version of node/npm: @sap/[email protected]
npm error notsup Required: {"node":"^18.0.0 || ^20.0.0 || ^22.0.0"}
npm error notsup Actual: {"node":"v24.12.0","npm":"11.7.0"}
npm error A complete log of this run can be found in: ...
while the previous npm install steps completed successfully.
Environment
- npm: 11.7.0
- Node.js: v24.12.0
- OS Name: macOS Tahoe
- System Model Name: 26.2
- npm config:
; "project" config from /Users/.../.npmrc
engine-strict = true
; node bin location = /Users/.../.nodenv/versions/24.12.0/bin/node
; node version = v24.12.0
; npm local prefix = /Users/...
; npm version = 11.7.0
; cwd = /Users/...
; HOME = /Users/...
; Run `npm config ls -l` to show all defaults.