[BUG] NPM tries to install transitive dependency from incorrect registry when scope override is present #5915
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
I have an .npmrc with two registries configured:
- A private registry configured as default (i.e. not scoped)
- The public
https://registry.npmjs.org/configured for a specific scope@scope-a
I am trying to install @scope-a/package-a, which also has a dependency on @scope-a/package-b.
The install fails, because it tries to fetch the transitive dependency @scope-a/package-b from the private registry instead of the public registry configured for that scope. From the logs, it appears that some initial calls (to get available versions) are made to the correct (public) registry, but then the call to fetch the package content is made instead to the incorrect (private) registry, which doesn't have that package+version, and so the install fails.
Expected Behavior
@scope-a/package-b should be installed from the public registry.
Steps To Reproduce
See above/below
Environment
- npm: tried with multiple versions of 8 and 9, happens for all. The configuration works with npm 6
- Node.js: 14.19.1
- OS Name: MacOS 12.6.1
- System Model Name: Macbook Pro
- npm config:
registry=https://[private-repo-url]/
//[private-repo-url]/:_authToken=[token]
@scope-a:registry=https://registry.npmjs.org/