fix: clear exclusive param siblings when setting from CLI #9023

Open
umeshmore45 wants to merge 3 commits into npm:latest from umeshmore45:fix/exclusive-params-env-clearing
@umeshmore45
Contributor

fix: clear exclusive sibling configs from env when one is set via CLI

What's the problem?

If you set an exclusive param via CLI (e.g. --save-prod) but a sibling
(npm_config_save_dev=true) is already in the environment, child processes
inherit both and crash with a conflict. This was also the root cause of the
--min-release-age + --before issue in #9005.

What changed

When setEnvs exports a non-default exclusive config, it now resets that
param's siblings to their defaults in the env — so child processes never
see a conflict. Works generically for all exclusive pairs, not just this one.

Tests

Added a test for the case where save-prod is set via CLI while save-dev
is already in env — verifies save-dev gets reset to its default.

References

Fixes #9005

When an exclusive config parameter is set via CLI, now clear its
sibling parameters in the environment to prevent child processes
from seeing conflicting values. Adds test coverage for the scenario
where save-prod is set via CLI while save-dev exists in env.
@umeshmore45 umeshmore45 requested a review from a team as a code owner February 24, 2026 13:44
Cleaned up the test environment configuration by removing unnecessary environment variables from the  file. This simplifies the test setup and improves clarity.
…deprecated siblings

Introduced new test cases to verify that exclusive parameters do not clear their siblings when  is set to false or when they are marked as deprecated. This ensures correct behavior in the configuration management for CLI and environment variables.
@owlstronaut
Contributor

Thanks for working on this @umeshmore45 — the approach of fixing it generically in set-envs.js for all exclusive params is the right direction per @wraithgar's feedback.

However, the bug is still reproducible with this PR applied. The core issue is what the child process sees when pacote prepares a git dep, which you can test directly:

   npm_config_min_release_age=2 node bin/npm-cli.js install --before=2026-02-23T00:00:00.000Z --dry-run
   # => --min-release-age cannot be provided when using --before

This fails identically with and without the PR. The fix resets npm_config_before="" in the parent's env, but the child's loadEnv skips empty strings, so it has no effect. The actual conflict is between npm_config_min_release_age (still in env) and --before (CLI arg added by pacote) — the fix clears the sibling, but the original config causing the conflict is untouched.
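
Added example, not part of the thread and not npm's code: a simplified JavaScript model of the behaviour described in the comment above, showing why writing an empty `npm_config_before` into the environment does not change what the child process concludes. All function names, the `EXCLUSIVE` table and the sample inputs are assumptions constructed for illustration.

```javascript
// Simplified model of the behaviour described in the review; not npm's code.
// EXCLUSIVE, envKey, loadEnv, checkChild and resetSiblings are hypothetical names.
const EXCLUSIVE = { 'before': ['min-release-age'], 'min-release-age': ['before'] };
const PREFIX = 'npm_config_';
const envKey = (name) => PREFIX + name.replace(/-/g, '_');

// Child side: read npm_config_* from the environment, skipping empty strings.
function loadEnv(env) {
  const conf = {};
  for (const [key, value] of Object.entries(env)) {
    if (!key.startsWith(PREFIX) || value === '') continue;
    conf[key.slice(PREFIX.length).replace(/_/g, '-')] = value;
  }
  return conf;
}

// Child side: return the conflict message, or null when the configs are compatible.
function checkChild(env, cli) {
  const fromEnv = loadEnv(env);
  for (const name of Object.keys(cli)) {
    for (const sib of EXCLUSIVE[name] || []) {
      if (sib in fromEnv || sib in cli) {
        return `--${sib} cannot be provided when using --${name}`;
      }
    }
  }
  return null;
}

// Parent side, as the PR describes it: exporting an exclusive config
// resets that config's siblings to "" in the env handed to children.
function resetSiblings(env, name) {
  const out = { ...env };
  for (const sib of EXCLUSIVE[name] || []) out[envKey(sib)] = '';
  return out;
}

// Constructed inputs mirroring the reproduction command.
const parentEnv = { npm_config_min_release_age: '2' };
const childCli = { before: '2026-02-23T00:00:00.000Z' };
const patchedEnv = resetSiblings(parentEnv, 'min-release-age');

console.log(checkChild(parentEnv, childCli));   // without the reset
console.log(checkChild(patchedEnv, childCli));  // with the reset
console.log(checkChild({}, childCli));          // contrast: min-release-age absent from env
```

The first two calls return the same conflict message; only the third, where `npm_config_min_release_age` never reaches the child, returns `null`.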

Contributor

@owlstronaut owlstronaut left a comment


Development

Successfully merging this pull request may close these issues.

[BUG] min-release-age config error if any dependencies use ~ version range
