Why is node-sass being built when I upgrade from npm6 to npm7?

Question

My app uses sass, not node-sass. node-sass is nowhere in my package-lock.json.

I'm currently using npm 6 and everything is working fine and has been for years.

When I try to npm install with npm 7, it fails with the below error.

What's going on? Maybe node-sass is a dev dependency of something else and being built?

npm ERR! npm ERR! code 1
npm ERR! npm ERR! path /Users/john/.npm/_cacache/tmp/git-clonenbaf30/node_modules/node-sass
npm ERR! npm ERR! command failed
npm ERR! npm ERR! command sh -c node scripts/build.js
npm ERR! npm ERR! Building: /opt/local/bin/node /Users/john/.npm/_cacache/tmp/git-clonenbaf30/node_modules/node-gyp/bin/node-gyp.js rebuild --verbose --libsass_ext= --libsass_cflags= --libsass_ldflags= --libsass_library=
npm ERR! npm ERR!   c++ '-DNODE_GYP_MODULE_NAME=libsass' '-DUSING_UV_SHARED=1' '-DUSING_V8_SHARED=1' '-DV8_DEPRECATION_WARNINGS=1' '-DV8_DEPRECATION_WARNINGS' '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D_DARWIN_USE_64_BIT_INODE=1' '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-DLIBSASS_VERSION="3.3.6"' -I/Users/john/.node-gyp/14.18.3/include/node -I/Users/john/.node-gyp/14.18.3/src -I/Users/john/.node-gyp/14.18.3/deps/uv/include -I/Users/john/.node-gyp/14.18.3/deps/v8/include -I../src/libsass/include  -O3 -gdwarf-2 -mmacosx-version-min=10.7 -arch arm64 -Wall -Wendif-labels -W -Wno-unused-parameter -std=c++11 -stdlib=libc++ -fno-strict-aliasing -MMD -MF ./Release/.deps/Release/obj.target/libsass/src/libsass/src/eval.o.d.raw   -c -o Release/obj.target/libsass/src/libsass/src/eval.o ../src/libsass/src/eval.cpp
### above line repeated many times
npm ERR! npm ERR!

Answer 1

You might be using a version of Node or npm that are not compatible with the version of node-sass that is being pulled. node-sass publishes this table that shows the range of supported versions for any toolchain version. If one of your dependencies is pulling node-sass, you could force your desired version by explicitly specifying node-sass as a direct dependency. You could also consider upgrading Node or npm as an alternative.

Answer 2

To see what would happen I tried npm install --package-lock-only, and it succeeded. I could then see the dependency tree. node_modules/sass-loader has node-sass as a peer dependency.

npm7 installs peer dependencies by default and doesn't allow getting into an ambiguous state. (more info: https://stackoverflow.com/a/22004559/168143 )

So, that's why this was happening. I don't know if I wasn't reading the stack trace well enough or if there is some other standard way for me to have figured out what had the dependencies. I'll leave this question without an accepted answer just in case someone has a smarter way to diagnose this sort of thing.