NodeJs Package.json Infinite Recursive Dependency

Question

This is a question I have been pondering. Is it possible that a Node project may encounter a recursive and infinite package dependency? What I mean is the following.

Suppose that the main application has the package A listed in its dependency section of Package.json. In turn, suppose this package A depends on a package B. That is, node_modules/A/Package.json will contain B in the dependency section.

Now, suppose in a crazy combination of events that package B depends on another package C (C!= A), which, however, has A as its dependency. To clarify,

node_modules/A/node_modules/B/package.json - contains C as dependency
node_modules/A/node_modules/B/node_modules/C/package.json - contains A as dependency

My question is two-fold. First, is such situation even possible in practice? Secondly, how would it be resolved? It seems to me that npm install would send this app for an infinite loop of installation.

Answer 1

OP: Is it possible that a Node project may encounter a recursive and infinite package dependency?

No.

From the documented algorithm, as the dependency tree is walked, "dependencies will be added as close to the top as is possible."

The example given on that page says that if you have a package A that depends on a package B and a package C, and package B also depends on package C, the dependency in package B will be resolved by the copy already installed for package A.

So, in your example, package C's dependency on A would be met by the main application's dependency on A. No need to go fetch it again.

Things get a little tricky, however, when you start encountering dependencies that have dependencies on different versions of dependencies already met. In fact, the next section on that page talks specifically about this:

npm flat-out refuses to install any name@version that is already present anywhere in the tree of package folder ancestors

They did give this recursive dependency installation stuff some thought.