[BUG] npm install replaces links with downloaded modules

[j1elo]

---- EDIT 2021-05-10: Added how to reproduce in comment below.

npm install replaces link with downloaded module

Current Behavior

After running npm link, a symlink is created to the target dependency. Afterwards, other npm commands such as npm install will break the mentioned link:

# ("openvidu-browser" is a global link that has
# been previously created with `sudo npm link`...)

$ npm link openvidu-browser
$ ls -l node_modules | grep openvidu-browser
openvidu-browser -> ../../../openvidu-generateOffer/openvidu-browser
# (Any other install command)
$ npm install --no-save @ionic/cli

# Show the bug: "openvidu-browser" is now a downloaded dependency (following what is defined in package.json)
# instead of the expected symlink to a local version of the dependency.
$ ls -l node_modules | grep openvidu-browser
openvidu-browser # UNEXPECTED: NOT A LINK

Expected Behavior

After running npm link, a symlink is created to the target dependency. Afterwards, other npm commands such as npm install don't alter the mentioned link:

# ("openvidu-browser" is a global link that has
# been previously created with `sudo npm link`...)

$ npm link openvidu-browser
$ ls -l node_modules | grep openvidu-browser
openvidu-browser -> ../../../openvidu-generateOffer/openvidu-browser
# (Any other install command)
$ npm install --no-save @ionic/cli

# Show the expected behavior: "openvidu-browser" is still a symlink to a local version of the dependency.
$ ls -l node_modules | grep openvidu-browser
openvidu-browser -> ../../../openvidu-generateOffer/openvidu-browser

Description

For context, this is a well-known and long-standing bug that has been causing confusion to users and has been reported multiple times in the past. Here are some relevant or related reports:

• npm install after npm link deletes linked module dependencies in it's node_modules folder #17287. Repo archived. Issue ignored. Closed without a fix, for a future overhaul on npm@7.

• npm install after npm link will "steal" dependencies from linked packages #10343. Repo archived. Issue ignored. Closed without a fix, for a future overhaul on npm@7.

• npm 5 dedupes even in linked modules #16788. Still open but repo archived.

• Npm deletes stuff from linked module’s node_modules. Again, forums were archived.

• Sometimes npm install deletes linked module, replaces it with downloaded module.

Some of these reports were closed with the conclusion that the issue would definitely not be fixed in current versions (<= 6) of NPM, and instead a fix would be postponed for a future NPM v7, citing "an overhaul of how npm link works" and this RFC.

After bumping into this bug today, recollecting all this information, and updating my NPM version to 7.2.0, I was surprised to find that links are still lost when any further install operation is done after running npm link.

So I guess the question is: was this really fixed with NPM 7 and is now a regression?

Environment:

• OS: Ubuntu 18.04
• Node: Tested on v14 and v15
• npm: 7.2.0

[j1elo]

In case this could be helpful for anyone, I was able to work around this issue by using npm install <path> instead of npm link:

cd /path/to/my-dependency
npm install && npm run build

cd /path/to/my-project
npm install /path/to/my-dependency
npm install

[nlf]

we've made some changes with regards to how linked modules are handled, can you try updating to the latest release 7.5.2 and let us know if you still experience this problem?