Part of #9608.
Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
Under install-strategy=linked, a direct registry dependency is reported by npm query with its node_modules/.store/<key>/node_modules/<pkg> backing path as its location, instead of the logical node_modules/<pkg> edge location. The hoisted strategy reports the logical location. This breaks tooling that consumes npm query locations.
Expected Behavior
npm query should report the logical dependency location (node_modules/<pkg>) for direct dependencies under the linked strategy, matching the hoisted strategy.
Steps To Reproduce
cd "$(mktemp -d)"
echo 'install-strategy=linked' > .npmrc
echo '{ "name": "q", "version": "1.0.0", "dependencies": { "abbrev": "2.0.0" } }' > package.json
npm install >/dev/null
npm query ':root > *'
# linked: "location": "node_modules/.store/abbrev@2.0.0-<hash>/node_modules/abbrev"
# hoisted: "location": "node_modules/abbrev"Environment
- npm: 12.0.0-pre.1 (
latest)
- Node.js: v24.17.0
- OS Name: macOS (Darwin 25.5.0)
- System Model Name: MacBook (arm64)
- npm config:
Part of #9608.
Is there an existing issue for this?
This issue exists in the latest npm version
This is not just a request to bump a dependency for a CVE
Current Behavior
Under
install-strategy=linked, a direct registry dependency is reported bynpm querywith itsnode_modules/.store/<key>/node_modules/<pkg>backing path as itslocation, instead of the logicalnode_modules/<pkg>edge location. The hoisted strategy reports the logical location. This breaks tooling that consumesnpm querylocations.Expected Behavior
npm queryshould report the logical dependency location (node_modules/<pkg>) for direct dependencies under the linked strategy, matching the hoisted strategy.Steps To Reproduce
Environment
latest)install-strategy=linked