Package: npm Version: 7.5.2+ds-2 Severity: important X-Debbugs-Cc: enquir...@nicolasriesco.net
Dear Maintainer, `npm publish` fails with error E415 complaining about missing `package.json` in the package to be published. I also run `npm pack` to check the package to be published and I noticed `package.json` was stored as `package//package.json`. The issue is actually caused by Debian's `node-tar`. Here's i how I got to reproduce it: ``` $ npm i tar@6.0.5 [...] $ ls -la total 32 drwxr-xr-x 3 nriesco nriesco 4096 Nov 16 17:57 . drwxrwxr-x 17 nriesco nriesco 4096 Nov 16 18:34 .. -rw-r--r-- 1 nriesco nriesco 457 Nov 16 17:57 index.js drwxr-xr-x 10 nriesco nriesco 4096 Nov 16 17:53 node_modules -rw-r--r-- 1 nriesco nriesco 4867 Nov 16 17:53 package-lock.json -rw-r--r-- 1 nriesco nriesco 48 Nov 16 17:53 package.json -rw-r--r-- 1 nriesco nriesco 335 Nov 16 18:25 test.tgz $ cat index.js test("tar").then(_ => test("/usr/share/nodejs/tar")); function test(module) { console.log("Using", require.resolve(module)); const tar = require(module); return tar.c({ file: 'test.tgz', cwd: '.', prefix: 'package/', portable: true, gzip: true, }, ["index.js"]).then( _ => tar.t({ file: 'test.tgz', onentry: entry => console.log(entry.path), }) ); } $ node index.js Using /home/nriesco/tmp/node_modules/tar/index.js package/index.js Using /usr/share/nodejs/tar/index.js package//index.js $ ``` Hope this helps, Nico -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-90-generic (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages npm depends on: ii ca-certificates 20210119 ii node-abbrev 1.1.1-2 ii node-agent-base 6.0.2-2 ii node-ajv 6.12.6-2 ii node-ansi 0.3.1-1 ii node-ansi-regex 5.0.1-1~deb11u1 ii node-ansi-styles 4.2.1-1 ii node-ansistyles 0.1.3-2 ii node-aproba 2.0.0-1 ii node-archy 1.0.0-3 ii node-are-we-there-yet 1.1.5-1 ii node-asap 2.0.6-2 ii node-asn1 0.2.3-2 ii node-assert-plus 1.0.0-2 ii node-asynckit 0.4.0-3 ii node-aws-sign2 0.7.1-2 ii node-aws4 1.11.0-1 ii node-balanced-match 1.0.0-1 ii node-bcrypt-pbkdf 1.0.2-1 ii node-brace-expansion 2.0.0-1 ii node-builtins 1.0.3-2 ii node-cacache 15.0.5+~cs13.9.21-1 ii node-caseless 0.12.1-1 ii node-chalk 4.1.0-1 ii node-chownr 1.1.3-5 ii node-clone 2.1.2-2 ii node-color-convert 1.9.3-1 ii node-color-name 1.1.4+~1.1.1-1 ii node-colors 1.4.0-1 ii node-columnify 1.5.4-3 ii node-combined-stream 1.0.8-1 ii node-concat-map 0.0.1-2 ii node-console-control-strings 1.1.0-2 ii node-core-util-is 1.0.2-2 ii node-dashdash 2.0.0-1 ii node-debug 4.3.1+~cs4.1.5-1 ii node-defaults 1.0.3-2 ii node-delayed-stream 1.0.0-4 ii node-delegates 1.0.0-2 ii node-depd 2.0.0-1 ii node-ecc-jsbn 0.2.0-2 ii node-encoding 0.1.13-1 ii node-err-code 2.0.3+dfsg-1 ii node-extend 3.0.2-1 ii node-extsprintf 1.4.0-1 ii node-fast-deep-equal 3.1.3-1 ii node-forever-agent 0.6.1-2 ii node-form-data 3.0.0-2 ii node-fs.realpath 1.0.0-1.1 ii node-function-bind 1.1.1+repack-1 ii node-gauge 2.7.4-1.1 ii node-getpass 0.1.7-1.1 ii node-glob 7.1.6+~7.1.3-1 ii node-graceful-fs 4.2.4+repack-1 ii node-gyp 7.1.2-4 ii node-har-schema 2.0.0-4 ii node-har-validator 5.1.5-1 ii node-has-flag 4.0.0-1 ii node-http-signature 1.3.5-1 ii node-https-proxy-agent 5.0.0-3 ii node-iconv-lite 0.5.1-3 ii node-imurmurhash 0.1.4-1.1 ii node-indent-string 4.0.0-1 ii node-inflight 1.0.6-1.1 ii node-inherits 2.0.4-1 ii node-ini 2.0.0-1 ii node-ip 1.1.5-5 ii node-ip-regex 4.3.0-1 ii node-is-typedarray 1.0.0-3 ii node-isarray 2.0.5-1 ii node-isexe 2.0.0-5 ii node-isstream 0.1.2+dfsg-1.1 ii node-jsbn 1.1.0-1.1 ii node-json-parse-better-errors 1.0.2+~2.3.1-1 ii node-json-schema 0.3.0+~7.0.6-1 ii node-json-schema-traverse 1.0.0-2 ii node-json-stable-stringify 1.0.1+~cs5.1.32-1 ii node-json-stringify-safe 5.0.1+repack-3 ii node-jsonparse 1.3.1-7 ii node-jsonstream 1.3.5-1 ii node-jsprim 2.0.0-1 ii node-leven 3.1.0+~cs1.1.1-1 ii node-lockfile 1.0.4-3 ii node-mime 2.5.0+dfsg+~cs3.90.0-1 ii node-mime-types 2.1.28-1 ii node-minimatch 3.0.4+~3.0.3-1 ii node-mkdirp 1.0.4+~1.0.1-1 ii node-ms 2.1.3+~cs0.7.31-1 ii node-mute-stream 0.0.8-2 ii node-nopt 5.0.0-1 ii node-normalize-package-data 3.0.0+~2.4.0-1 ii node-npm-bundled 1.1.1-1 ii node-npm-package-arg 8.1.0-1 ii node-npmlog 4.1.2-2 ii node-number-is-nan 2.0.0-1 ii node-oauth-sign 0.9.0-2 ii node-object-assign 4.1.1-3 ii node-opener 1.5.2-1 ii node-p-map 4.0.0-1 ii node-path-is-absolute 2.0.0-1 ii node-performance-now 2.1.0+debian-1.1 ii node-process-nextick-args 2.0.0-1 ii node-promise-retry 2.0.1-1 ii node-promzard 0.3.0-1.1 ii node-psl 1.8.0+ds-4 ii node-puka 1.0.1+dfsg-2 ii node-punycode 2.1.1-3 ii node-qs 6.9.4+ds-1 ii node-read 1.0.7-2 ii node-read-package-json 3.0.0-1 ii node-readable-stream 3.6.0-2 ii node-resolve 1.19.0+~cs5.20.8-2 ii node-resolve-from 5.0.0+~3.1.0+~3.3.0+~2.0.0-1 ii node-retry 0.12.0-1 ii node-rimraf 3.0.2-1 ii node-safe-buffer 5.2.1+~cs2.1.2-1 ii node-semver 7.3.4-1 ii node-set-blocking 2.0.0-1.1 ii node-signal-exit 3.0.3-1 ii node-slash 3.0.0-1 ii node-spdx-correct 3.1.1-1 ii node-spdx-exceptions 2.3.0-1 ii node-spdx-expression-parse 3.0.1-1 ii node-spdx-license-ids 3.0.7-1 ii node-sshpk 1.16.1+dfsg-2 ii node-ssri 8.0.1-2 ii node-string-decoder 1.3.0-2 ii node-string-width 4.2.0-1 ii node-strip-ansi 6.0.0-2 ii node-supports-color 8.1.0+~7.2.0-1 ii node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2 ii node-text-table 0.2.0-2 ii node-tunnel-agent 0.6.1-2 ii node-tweetnacl 1.0.3+dfsg-1 ii node-typedarray-to-buffer 4.0.0-1 ii node-uri-js 4.4.0+dfsg-5 ii node-util-deprecate 1.0.2-1 ii node-uuid 8.3.2+~8.3.0-4 ii node-validate-npm-package-name 3.0.0-1.1 ii node-verror 1.10.0-1.1 ii node-wcwidth.js 1.0.0-1.1 ii node-which 2.0.2+~cs1.3.2-1 ii node-wide-align 1.1.3-1 ii node-wrappy 1.0.2-1.1 ii node-write-file-atomic 3.0.3+~3.0.1-1 ii node-yallist 4.0.0-1 ii nodejs 12.22.5~dfsg-2~11u1 Versions of packages npm recommends: ii git 1:2.30.2-1 npm suggests no packages. -- no debconf information