fix(npm): only declare the configured package manager as a dependency#7995
fix(npm): only declare the configured package manager as a dependency#7995
Conversation
Previously, npm backend's get_dependencies() returned all package managers (node, npm, bun, pnpm) regardless of which one was configured via npm.package_manager. This created incorrect dependency edges and prevented proper installation ordering when using bun or pnpm. Now get_dependencies() checks the npm.package_manager setting and only returns the actually-needed package manager, so the dependency graph correctly orders installations (e.g., bun before npm packages when npm.package_manager=bun). Closes #7994 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary of ChangesHello @jdx, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly improves the dependency management for npm-related tools by ensuring that the system only declares the package manager explicitly configured by the user. This targeted approach eliminates erroneous dependency edges, which previously caused issues with tool installation order and overall system reliability, leading to a more accurate and efficient tool provisioning process. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Pull request overview
This PR fixes a bug in the NPM backend's dependency resolution. Previously, all NPM packages incorrectly declared dependencies on all package managers (node, npm, bun, pnpm) regardless of configuration. Now, get_dependencies() only returns the package manager specified in the npm.package_manager setting, ensuring correct installation ordering when tools are installed via mise install.
Changes:
- Modified
get_dependencies()to return only the configured package manager as a dependency - Special handling for
npm:npmto avoid circular dependencies by only depending onnode - Updated tests to verify the new behavior for both npm:npm and other packages
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/backend/npm.rs
Outdated
| let mut deps = vec!["node"]; | ||
| match Settings::get().npm.package_manager.as_str() { | ||
| "bun" => deps.push("bun"), | ||
| "pnpm" => { |
There was a problem hiding this comment.
The code adds npm as a dependency when pnpm is configured, but there's no comment explaining why pnpm requires npm as a dependency while bun does not. Consider adding a comment to clarify this design decision.
| "pnpm" => { | |
| "pnpm" => { | |
| // When pnpm is selected, we still rely on the npm CLI for certain operations | |
| // (e.g. version/metadata queries), so npm must be installed alongside pnpm. |
There was a problem hiding this comment.
Code Review
This pull request correctly refactors get_dependencies in the NPM backend to only depend on the configured package manager, which fixes incorrect dependency resolution. The changes are logical and the updated tests are more precise. I have one suggestion to improve the dependency declaration for pnpm to better align with separation of concerns.
src/backend/npm.rs
Outdated
| "pnpm" => { | ||
| deps.push("npm"); | ||
| deps.push("pnpm"); | ||
| } |
There was a problem hiding this comment.
While it's true that pnpm can be installed via npm and thus depend on it, this is not always the case. pnpm can also be installed as a standalone binary. To keep concerns separated, this backend should only declare a dependency on pnpm as the configured package manager. The pnpm tool's own backend should be responsible for declaring a dependency on npm if it is required for its installation. This makes the dependency graph more accurate and modular.
"pnpm" => deps.push("pnpm"),
Hyperfine Performance
|
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.2.3 x -- echo |
20.3 ± 0.4 | 19.7 | 24.4 | 1.00 |
mise x -- echo |
20.6 ± 0.4 | 20.0 | 25.5 | 1.01 ± 0.03 |
mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.2.3 env |
19.8 ± 0.6 | 19.2 | 25.3 | 1.00 |
mise env |
20.0 ± 0.4 | 19.3 | 23.4 | 1.01 ± 0.04 |
mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.2.3 hook-env |
20.6 ± 0.3 | 19.9 | 21.9 | 1.00 |
mise hook-env |
20.8 ± 0.4 | 20.0 | 23.8 | 1.01 ± 0.02 |
mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.2.3 ls |
18.3 ± 0.3 | 17.7 | 20.2 | 1.00 |
mise ls |
18.7 ± 0.3 | 18.1 | 20.1 | 1.02 ± 0.02 |
xtasks/test/perf
| Command | mise-2026.2.3 | mise | Variance |
|---|---|---|---|
| install (cached) | 111ms | 112ms | +0% |
| ls (cached) | 69ms | 71ms | -2% |
| bin-paths (cached) | 73ms | 74ms | -1% |
| task-ls (cached) | 536ms | 537ms | +0% |
Address review feedback: - Check if tool matches the configured package manager (not just "npm") to avoid circular deps when installing npm:pnpm or npm:bun - Remove npm as a dependency for pnpm - let pnpm's own backend handle its dependencies (separation of concerns) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Address Cursor Bugbot feedback: npm CLI is always needed for version queries (npm view), even when using bun/pnpm for installation. The previous commit incorrectly removed npm from dependencies when using bun/pnpm, which would cause npm commands to fail. Now: - npm:npm depends on just node (avoid circular dep) - npm:bun/pnpm depends on node + npm (need npm for version queries) - Other packages depend on node + npm + configured package manager Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When installing npm:npm with bun or pnpm configured as the package manager, the installation will use that package manager. The dependencies should include it to ensure it's available during installation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
### 🐛 Bug Fixes - **(env)** resolve sourced env for tool templates by @corymhall in [#7895](#7895) - **(npm)** only declare the configured package manager as a dependency by @jdx in [#7995](#7995) - **(upgrade)** respect use_locked_version when checking tracked configs by @jdx in [#7997](#7997) - ignore MISE_TOOL_VERSION in env var parsing by @jdx in [#8004](#8004) ### New Contributors - @corymhall made their first contribution in [#7895](#7895)
…jdx#7995) ## Summary - Fix `npm.rs::get_dependencies()` to only return the package manager that's actually configured via `npm.package_manager` setting - Previously it always returned all package managers (`node`, `npm`, `bun`, `pnpm`) as dependencies regardless of configuration, creating incorrect dependency edges This means when `npm.package_manager = "bun"` and both `bun` and an npm package are in `[tools]`, running `mise install` will correctly install bun before the npm package. Note: `mise install <specific-tool>` only installs the requested tool — it does not auto-install dependencies from config. Users should run `mise install` (no args) to install all missing tools in the correct order, or manually install dependencies first. Closes jdx#7994 ## Test plan - [x] `cargo check` passes - [x] Unit tests pass (`cargo test backend::npm::tests`) - [x] All pre-commit lints pass - [ ] CI passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes the dependency graph used to order tool installs, which can affect installation sequencing and potentially reintroduce or avoid circular-dependency edge cases depending on configuration. > > **Overview** > Fixes `NPMBackend::get_dependencies()` to declare only `node`, `npm` (for registry/version queries), and the *configured* `npm.package_manager` (`bun`/`pnpm`) instead of always depending on all package managers. > > Adds explicit circular-dependency handling for `npm:npm` and for installing the configured package manager itself, and updates unit tests to assert the new default dependency set. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 4e078a5. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
### 🐛 Bug Fixes - **(env)** resolve sourced env for tool templates by @corymhall in [jdx#7895](jdx#7895) - **(npm)** only declare the configured package manager as a dependency by @jdx in [jdx#7995](jdx#7995) - **(upgrade)** respect use_locked_version when checking tracked configs by @jdx in [jdx#7997](jdx#7997) - ignore MISE_TOOL_VERSION in env var parsing by @jdx in [jdx#8004](jdx#8004) ### New Contributors - @corymhall made their first contribution in [jdx#7895](jdx#7895)
Summary
npm.rs::get_dependencies()to only return the package manager that's actually configured vianpm.package_managersettingnode,npm,bun,pnpm) as dependencies regardless of configuration, creating incorrect dependency edgesThis means when
npm.package_manager = "bun"and bothbunand an npm package are in[tools], runningmise installwill correctly install bun before the npm package.Note:
mise install <specific-tool>only installs the requested tool — it does not auto-install dependencies from config. Users should runmise install(no args) to install all missing tools in the correct order, or manually install dependencies first.Closes #7994
Test plan
cargo checkpassescargo test backend::npm::tests)🤖 Generated with Claude Code
Note
Medium Risk
Changes the dependency graph used to order tool installs, which can affect installation sequencing and potentially reintroduce or avoid circular-dependency edge cases depending on configuration.
Overview
Fixes
NPMBackend::get_dependencies()to declare onlynode,npm(for registry/version queries), and the configurednpm.package_manager(bun/pnpm) instead of always depending on all package managers.Adds explicit circular-dependency handling for
npm:npmand for installing the configured package manager itself, and updates unit tests to assert the new default dependency set.Written by Cursor Bugbot for commit 4e078a5. This will update automatically on new commits. Configure here.