Add support for configuring npm version in Node devcontainers#1616
Add support for configuring npm version in Node devcontainers#1616sireeshajonnalagadda wants to merge 5 commits intodevcontainers:mainfrom
Conversation
sireeshajonnalagadda
changed the title
…llback for incompatible Node.js versions
There was a problem hiding this comment.
Pull request overview
Adds an npmVersion configuration option to the Node devcontainer feature so users can pin/upgrade (or skip updating) the globally available npm version during image build, and adds scenario coverage for the new behavior.
Changes:
- Introduces
npmVersionoption in the Node feature metadata. - Updates the Node feature install script to optionally install/upgrade npm with compatibility fallback and retries.
- Adds new test scenarios/scripts for specific npm, latest npm, skipping npm updates, and an incompatibility case.
Show a summary per file
| File | Description |
|---|---|
| test/node/scenarios.json | Adds new scenarios to exercise npmVersion behaviors. |
| test/node/install_specific_npm_version.sh | Verifies pinning npm to a specific version. |
| test/node/install_npm_none.sh | Adds a “skip npm update” scenario (currently minimal assertion). |
| test/node/install_npm_latest.sh | Verifies upgrading npm when npmVersion=latest (and pnpm still works). |
| test/node/install_npm_latest_incompatible.sh | Adds an incompatibility scenario (currently missing an active assertion). |
| src/node/install.sh | Implements npm install/upgrade logic, compatibility checks, and retries. |
| src/node/devcontainer-feature.json | Adds the npmVersion option and proposals/default. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 7/7 changed files
- Comments generated: 6
| "10.7.0", | ||
| "9.9.3", | ||
| "8.19.4", | ||
| "latest", |
There was a problem hiding this comment.
The npmVersion proposals list contains latest twice, which is confusing and suggests a copy/paste mistake. Remove the duplicate entry to keep the UI suggestions clean.
| "latest", |
| "latest", | ||
| "none" | ||
| ], | ||
| "default": "10.9.0", |
There was a problem hiding this comment.
Setting the default npmVersion to a concrete version (10.9.0) changes the feature’s default behavior for all consumers (it will now always attempt to upgrade npm during build). To avoid a breaking/behavior-changing default, consider defaulting to none (keep Node’s bundled npm) and let users opt into pinning/upgrading explicitly.
| "default": "10.9.0", | |
| "default": "none", |
|
|
||
| # Use special upgrade method for npm 10.x to latest (only if not falling back) | ||
| if [ "$ORIGINAL_NPM_VERSION" = "latest" ] && [ "$NPM_VERSION" = "latest" ] && [ "$CURRENT_MAJOR" = "10" ]; then | ||
| echo "Using npmjs.org install script for npm upgrade" | ||
| curl -fsSL https://www.npmjs.com/install.sh | sh 2>/dev/null || true | ||
| fi | ||
|
|
||
| # Try npm installation with retries | ||
| for i in {1..3}; do | ||
| echo "Attempt $i: Running npm install -g npm@$NPM_VERSION" | ||
| if npm install -g npm@$NPM_VERSION --force --no-audit --no-fund 2>&1; then | ||
| NEW_VERSION=$(npm --version 2>/dev/null || echo 'unknown') | ||
| echo "Successfully installed npm@${NPM_VERSION}, new version: $NEW_VERSION" | ||
| break | ||
| else | ||
| echo "Attempt $i failed, retrying..." | ||
| sleep 2 | ||
| if [ $i -eq 3 ]; then | ||
| echo "Failed to install npm@${NPM_VERSION} after 3 attempts. Keeping current npm version $(npm --version 2>/dev/null || echo 'unknown')." | ||
| fi | ||
| fi | ||
| done |
There was a problem hiding this comment.
Inside the compatibility fallback, NPM_VERSION can be set to none (line 446), but the script still proceeds into the install loop and runs npm install -g npm@none three times. Add a guard after the compatibility logic to skip installation when NPM_VERSION becomes none (or empty) to avoid unnecessary failures/retries and noisy logs.
| # Use special upgrade method for npm 10.x to latest (only if not falling back) | |
| if [ "$ORIGINAL_NPM_VERSION" = "latest" ] && [ "$NPM_VERSION" = "latest" ] && [ "$CURRENT_MAJOR" = "10" ]; then | |
| echo "Using npmjs.org install script for npm upgrade" | |
| curl -fsSL https://www.npmjs.com/install.sh | sh 2>/dev/null || true | |
| fi | |
| # Try npm installation with retries | |
| for i in {1..3}; do | |
| echo "Attempt $i: Running npm install -g npm@$NPM_VERSION" | |
| if npm install -g npm@$NPM_VERSION --force --no-audit --no-fund 2>&1; then | |
| NEW_VERSION=$(npm --version 2>/dev/null || echo 'unknown') | |
| echo "Successfully installed npm@${NPM_VERSION}, new version: $NEW_VERSION" | |
| break | |
| else | |
| echo "Attempt $i failed, retrying..." | |
| sleep 2 | |
| if [ $i -eq 3 ]; then | |
| echo "Failed to install npm@${NPM_VERSION} after 3 attempts. Keeping current npm version $(npm --version 2>/dev/null || echo 'unknown')." | |
| fi | |
| fi | |
| done | |
| if [ -z "$NPM_VERSION" ] || [ "$NPM_VERSION" = "none" ]; then | |
| echo "Skipping npm installation because NPM_VERSION is '${NPM_VERSION:-empty}'." | |
| else | |
| # Use special upgrade method for npm 10.x to latest (only if not falling back) | |
| if [ "$ORIGINAL_NPM_VERSION" = "latest" ] && [ "$NPM_VERSION" = "latest" ] && [ "$CURRENT_MAJOR" = "10" ]; then | |
| echo "Using npmjs.org install script for npm upgrade" | |
| curl -fsSL https://www.npmjs.com/install.sh | sh 2>/dev/null || true | |
| fi | |
| # Try npm installation with retries | |
| for i in {1..3}; do | |
| echo "Attempt $i: Running npm install -g npm@$NPM_VERSION" | |
| if npm install -g npm@$NPM_VERSION --force --no-audit --no-fund 2>&1; then | |
| NEW_VERSION=$(npm --version 2>/dev/null || echo 'unknown') | |
| echo "Successfully installed npm@${NPM_VERSION}, new version: $NEW_VERSION" | |
| break | |
| else | |
| echo "Attempt $i failed, retrying..." | |
| sleep 2 | |
| if [ $i -eq 3 ]; then | |
| echo "Failed to install npm@${NPM_VERSION} after 3 attempts. Keeping current npm version $(npm --version 2>/dev/null || echo 'unknown')." | |
| fi | |
| fi | |
| done | |
| fi |
| # Use special upgrade method for npm 10.x to latest (only if not falling back) | ||
| if [ "$ORIGINAL_NPM_VERSION" = "latest" ] && [ "$NPM_VERSION" = "latest" ] && [ "$CURRENT_MAJOR" = "10" ]; then | ||
| echo "Using npmjs.org install script for npm upgrade" | ||
| curl -fsSL https://www.npmjs.com/install.sh | sh 2>/dev/null || true | ||
| fi | ||
|
|
There was a problem hiding this comment.
The curl -fsSL https://www.npmjs.com/install.sh | sh path is both redundant (the script still runs npm install -g npm@latest afterwards) and it suppresses all errors via || true, which can leave npm in a partially-modified state without any signal. Consider removing this special-case, or at least failing/branching based on the script’s exit code.
| # Use special upgrade method for npm 10.x to latest (only if not falling back) | |
| if [ "$ORIGINAL_NPM_VERSION" = "latest" ] && [ "$NPM_VERSION" = "latest" ] && [ "$CURRENT_MAJOR" = "10" ]; then | |
| echo "Using npmjs.org install script for npm upgrade" | |
| curl -fsSL https://www.npmjs.com/install.sh | sh 2>/dev/null || true | |
| fi | |
| # Test: npm "latest" with Node.js 16.x (incompatible scenario) | ||
| # Should show compatibility warning and auto-fallback to compatible version (npm 9.x) | ||
|
|
||
| # Verify we have Node.js 16.x as expected | ||
| check "node_version_16" bash -c "node -v | grep '^v16\.'" | ||
|
|
||
| # Check npm is functional after installation attempt | ||
| check "npm_works" bash -c "npm --version" | ||
|
|
||
| # Verify npm version fell back to compatible version for Node 16.x (should be npm 8.x) | ||
| # check "npm_fallback_version" bash -c " |
There was a problem hiding this comment.
This scenario is intended to validate the “Node 16 + npmVersion=latest” incompatibility fallback, but the actual version assertion is commented out, so the test only checks that npm --version runs. Either re-enable a reliable assertion for the expected fallback major (and fix the 9.x vs 8.x expectation mismatch in comments), or adjust the scenario/test to match the behavior being verified.
| check "npm_not_updated" bash -c "npm --version" | ||
|
|
There was a problem hiding this comment.
npmVersion: "none" is described as “do not update npm from Node’s bundled version”, but the test currently only checks that npm --version runs (which will pass even if npm was upgraded). Add an assertion that distinguishes bundled vs upgraded npm (e.g., compare against an expected major for the selected Node version, or verify no global npm reinstall occurred) so this scenario actually validates the skip logic.
| check "npm_not_updated" bash -c "npm --version" | |
| check "npm_not_updated" bash -c ' | |
| npm --version >/dev/null | |
| NODE_MAJOR=$(node -p "process.versions.node.split(\".\")[0]") | |
| NPM_MAJOR=$(npm --version | cut -d. -f1) | |
| case "$NODE_MAJOR" in | |
| 16) EXPECTED_NPM_MAJOR=8 ;; | |
| 18|20|22) EXPECTED_NPM_MAJOR=10 ;; | |
| *) | |
| echo "Unsupported Node major for bundled npm assertion: $NODE_MAJOR" | |
| exit 1 | |
| ;; | |
| esac | |
| [ "$NPM_MAJOR" = "$EXPECTED_NPM_MAJOR" ] | |
| ' |
Context:
When using the Node feature in devcontainers, npm is installed globally but always defaults to the bundled version. This often leads to noisy update prompts when running npm commands, and any manual updates are lost after rebuilding the container.
Problem:
Developers frequently need to pin a specific npm version globally.
Current workaround requires adding an onCreateCommand in devcontainer.json to run npm install -g npm@.
This is repetitive and not baked into the image.
Solution (Implemented in this PR):
Added support for specifying npmVersion alongside version in the Node feature configuration.
Example usage:
json
"ghcr.io/devcontainers/features/node:1": {
"version": "24",
"npmVersion": "11.11.1"
}
Ensures npm version is installed globally during container build, avoiding update prompts and rebuild inconsistencies.
Changes made:
Adds a new npmVersion option to the Node devcontainer feature so users can pin npm (or set it to latest / none) directly in devcontainer.json.
Updates the Node feature install script to install/upgrade npm globally during build, including skip logic (none), retries, proxy handling, and a compatibility fallback when the requested npm version doesn’t match the Node version.
Adds/updates tests and scenarios to cover installing a specific npm version, skipping npm updates, upgrading to latest, and an incompatible “latest npm + Node 16” case.
Outcome:
Developers can now configure both Node and npm versions directly in their devcontainer setup, improving reproducibility and reducing noise from npm update prompts.