Skip to content

pnpm install fails for cdxgen #10909

New issue
New issue
Closed
#10996
#10927
Closed
pnpm install fails for cdxgen#10909
#10996
#10927
@gepbird

Description

@gepbird
gepbird
opened on Mar 8, 2026

Last pnpm version that worked

10.30.3

pnpm version

10.31.0

Code to reproduce the issue

  1. pnpm config set manage-package-manager-versions false
  2. git clone [email protected]:CycloneDX/cdxgen && cd cdxgen
  3. npx [email protected] install, install works, lockfile doesn't change
  4. npx [email protected] install, install fails, lockfile changes.

Expected behavior

I expect the install command to work after a minor release bump, or at least be documented in the changelog as breaking.
I also expect that the existing lockfiles work for future pnpm releases with the same major version with --frozen-lockfile.

Actual behavior

It fails to install.

Sometimes it tells me that many packages were added and updates the lockfile before exiting:

cdxgen ❯ npx [email protected] install
Need to install the following packages:
[email protected]
Ok to proceed? (y) y

Scope: all 10 workspace projects
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v2-workspace      |  WARN  deprecated [email protected]
 WARN  28 deprecated subdependencies found: @humanwhocodes/[email protected], @humanwhocodes/[email protected], @mui/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Packages: +1263 -1
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Progress: resolved 1691, reused 1540, downloaded 31, added 1263, done
test/data/package-json/v2-workspace postinstall$ husky install && node ./scripts/postinstall.js
│ husky - .git can't be found (see https://typicode.github.io/husky/#/?id=custom-directory)
└─ Failed in 57ms at /home/gep/forks/cdxgen/test/data/package-json/v2-workspace
 ELIFECYCLE  Command failed with exit code 1.

Sometimes it says "Already up to date", then fails:

cdxgen ❯ npx [email protected] install
Scope: all 10 workspace projects
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v1                |  WARN  deprecated [email protected]
test/data/package-json/v2-workspace      |  WARN  deprecated [email protected]
 WARN  28 deprecated subdependencies found: @humanwhocodes/[email protected], @humanwhocodes/[email protected], @mui/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Already up to date
Progress: resolved 1691, reused 1571, downloaded 0, added 0, done
test/data/package-json/v2-workspace postinstall$ husky install && node ./scripts/postinstall.js
│ husky - .git can't be found (see https://typicode.github.io/husky/#/?id=custom-directory)
└─ Failed in 52ms at /home/gep/forks/cdxgen/test/data/package-json/v2-workspace
 ELIFECYCLE  Command failed with exit code 1.

Additional information

There was a similar issue that I noticed with the same package in the past: #10571.

Node.js version

v24.13.0

Operating System

Linux

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions