Part of #9608.
Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
When a root manifest extension (packageExtensions or .npm-extension transformManifest) adds an optionalDependencies entry to a package, the optional dependency is correctly materialized under install-strategy=linked (symlinked into the consumer's store node_modules, resolves at runtime), but npm ls reports it as UNMET OPTIONAL DEPENDENCY. The hoisted strategy reports it as installed. A normal (non-extension) optional dependency reports correctly under linked, and extension-added required/peer dependencies also report correctly — only the extension + optional combination misreports.
Expected Behavior
An extension-added optional dependency that is installed should be reported as present (not UNMET) by npm ls under the linked strategy, matching the hoisted strategy.
Steps To Reproduce
cd "$(mktemp -d)"
echo 'install-strategy=linked' > .npmrc
cat > package.json <<'EOF'
{ "name": "po", "version": "1.0.0", "dependencies": { "is-odd": "3.0.1" },
"packageExtensions": { "is-odd@3": { "optionalDependencies": { "abbrev": "^2.0.0" } } } }
EOF
npm install >/dev/null
# materialized correctly:
ls node_modules/.store/is-odd@*/node_modules/abbrev # present (symlink)
node -e 'const p=require.resolve("is-odd"); require.resolve("abbrev",{paths:[p]}); console.log("resolves OK")'
# but npm ls misreports:
npm ls --all
# linked: is-odd@3.0.1 -> ... ├── UNMET OPTIONAL DEPENDENCY abbrev@^2.0.0 (incorrect)
# hoisted: is-odd@3.0.1 ├── abbrev@2.0.0 (correct)Environment
- npm: 12.0.0-pre.1 (
latest)
- Node.js: v24.17.0
- OS Name: macOS (Darwin 25.5.0)
- System Model Name: MacBook (arm64)
- npm config:
Part of #9608.
Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
When a root manifest extension (
packageExtensionsor.npm-extensiontransformManifest) adds anoptionalDependenciesentry to a package, the optional dependency is correctly materialized underinstall-strategy=linked(symlinked into the consumer's storenode_modules, resolves at runtime), butnpm lsreports it asUNMET OPTIONAL DEPENDENCY. The hoisted strategy reports it as installed. A normal (non-extension) optional dependency reports correctly under linked, and extension-added required/peer dependencies also report correctly — only the extension + optional combination misreports.Expected Behavior
An extension-added optional dependency that is installed should be reported as present (not
UNMET) bynpm lsunder the linked strategy, matching the hoisted strategy.Steps To Reproduce
Environment
latest)install-strategy=linked