Skip to content

fix: fix npm ci failing with EBADPLATFORM due to npm 11 bug#7798

Merged
ndhoule merged 3 commits intomainfrom
fix/7769
Nov 26, 2025
Merged

fix: fix npm ci failing with EBADPLATFORM due to npm 11 bug#7798
ndhoule merged 3 commits intomainfrom
fix/7769

Conversation

@serhalp
Copy link
Copy Markdown
Member

@serhalp serhalp commented Nov 26, 2025

Summary

v23.10.0 introduced a bug where a user with netlify-cli in their package.json dependencies (or dev deps) who ran npm ci encountered an error like this:

npm error code EBADPLATFORM
npm error notsup Unsupported platform for @rollup/rollup-android-arm-eabi@4.52.2: wanted {"os":"android","cpu":"arm"} (current: {"os":"darwin","cpu":"arm64"})
npm error notsup Valid os:   android
npm error notsup Actual os:  darwin
npm error notsup Valid cpu:  arm
npm error notsup Actual cpu: arm64

Strictly speaking, we didn't introduce a bug, but we happened to introduce the necessary conditions to trigger an existing, latent npm CLI bug.

This PR fixes that bug and introduces multiple guardrails to prevent this type of issue in the future.

You can confirm with this prerelease: netlify-cli@23.11.1-pre.fa6e4b9.

Fixes #7769.

Details

290a34d fix(npm-shrinkwrap.json): update lockfile

The lockfile (which becomes npm-shrinkwrap.json in the published package) is out of sync. I just ran npm i with the expected npm version (10) and this is the result.

Surprisingly, this is the root of the bug. The published shrinkwrap file was effectively corrupted, due to a bug in npm v11, and this happened because... ⤵

8a159be ci: downgrade to npm@10 when publishing and updating deps

In #7746 we updated GitHub Actions CI workflows to use node.js 24. Node.js 24 comes bundled with npm 11. This means the next release workflow after this PR started running npm commands with npm 11. This, as well as Renovate itself using npm 11 (inspect the lockfile diff closely) resulted in corrupting the lockfile.

To be more specific, I believe we're running into a variation on npm/cli#8767. But we've also struggled with other npm 11 lockfile bugs recently anyway: netlify/build#6640. We should avoid npm 11 altogether for now.

1088b53 test(e2e): verify npm ci runs successfully in a project depending on netlify-cli

This will prevent reintroducing the conditions to hit this npm cli bug.

Follow-ups

I had #7799 in this PR initially, but I pulled it out to get the fixes above out asap.


Co-authored-by: Nathan Houle nathan@nathanhoule.com

The lockfile (which becomes `npm-shrinkwrap.json` in the published package) is out of sync. I just
ran `npm i` with the expected npm version (10) and this is the result.
@github-actions
Copy link
Copy Markdown

github-actions bot commented Nov 26, 2025

📊 Benchmark results

Comparing with 237c3bc

  • Dependency count: 1,044 (no change)
  • Package size: 304 MB ⬇️ 0.00% decrease vs. 237c3bc
  • Number of ts-expect-error directives: 378 (no change)

@serhalp serhalp force-pushed the fix/7769 branch 2 times, most recently from 1bdaa89 to 1088b53 Compare November 26, 2025 16:19
@serhalp serhalp marked this pull request as ready for review November 26, 2025 23:01
@serhalp serhalp requested a review from a team as a code owner November 26, 2025 23:01
@ndhoule ndhoule enabled auto-merge (rebase) November 26, 2025 23:12
@ndhoule ndhoule merged commit 60b8a1c into main Nov 26, 2025
153 of 160 checks passed
@ndhoule ndhoule deleted the fix/7769 branch November 26, 2025 23:13
fabianrbz added a commit to Kong/developer.konghq.com that referenced this pull request Dec 9, 2025
fabianrbz added a commit to Kong/developer.konghq.com that referenced this pull request Dec 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Shrinkwrap + npm bug + rollup's os-specific subpackages make it impossible to npm ci when using netlify-cli as a local dependency

2 participants