Skip to content

fix: add --before param to command ci help output #8817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
clintonsteiner wants to merge 1 commit into from
Closed

fix: add --before param to command ci help output #8817

clintonsteiner wants to merge 1 commit into from
+5 −2

Conversation

@clintonsteiner
Copy link

@clintonsteiner clintonsteiner commented Dec 3, 2025

npm ci --before arg isn't documented, but is supported, add to the --help output

References

Related to #8447

@clintonsteiner clintonsteiner requested a review from a team as a code owner December 3, 2025 17:58
@clintonsteiner clintonsteiner marked this pull request as draft December 3, 2025 17:58
@clintonsteiner clintonsteiner marked this pull request as ready for review December 3, 2025 19:24
@wraithgar
Copy link
Member

wraithgar commented Dec 3, 2025

--before does not work with npm ci. The point of ci is to install exactly what is found in the lockfile, and nothing different.

@wraithgar wraithgar closed this Dec 3, 2025
@clintonsteiner
Copy link
Author

clintonsteiner commented Dec 3, 2025

@wraithgar if you modify your lockfile and run like so, you'll see it block the build
$: npm ci --before "2024"
npm error code ETARGET
npm error notarget No matching version found for [email protected] with a date before 12/31/2023, 6:00:00 PM.
npm error notarget In most cases you or one of your dependencies are requesting
npm error notarget a package version that doesn't exist.
npm error A complete log of this run can be found in:

@wraithgar
Copy link
Member

wraithgar commented Dec 3, 2025

if you modify your lockfile not sure what you mean by this.

If I install pacote, and then go try to run npm ci with a date that precedes the latest version of npm-package-arg, it will ignore that directive

~/D/s/a $ npm ls npm-package-arg
[email protected] /Users/wraithgar/Development/scratch/a
└─┬ [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected] deduped
  └─┬ [email protected]
    └── [email protected] deduped

~/D/s/a $ npm view npm-package-arg "time[13.0.2]"
2025-11-13T18:26:48.064Z
~/D/s/a $ npm ci --before=2024

added 103 packages, and audited 104 packages in 8s

found 0 vulnerabilities
~/D/s/a $ npm ls npm-package-arg
[email protected] /Users/wraithgar/Development/scratch/a
└─┬ [email protected]
  ├── [email protected]
  ├─┬ [email protected]
  │ └── [email protected] deduped
  └─┬ [email protected]
    └── [email protected] deduped
~/D/s/a $ npm -v
11.6.4

@clintonsteiner clintonsteiner mentioned this pull request Dec 4, 2025
Closed
2 tasks
@clintonsteiner
Copy link
Author

clintonsteiner commented Dec 4, 2025

@wraithgar thanks for taking the time to explain. I had deleted the package-lock.json, then validated it rejected a npm ci --before "2024" after clearing cache, node_modules, of a package in package.json

Upon further thought, I agree this shouldn't really be accepted to an npm ci command and have opened #8826 to reject the --before argument when passed into npm ci

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@clintonsteiner @wraithgar