[BUG] unexpected overriding peer dependency happen on incremental install

[dr-js]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

Currently for incremental install, top level peer may get a npm WARN ERESOLVE log and resolve by overriding, masking the peer dependency error.

For example when incremental install

npm install --strict-peer-deps react@16

from

test-install@0.0.0 /tmp/test/test-install-0
└─┬ test-pkg@0.0.0
  └─┬ react-dom@17.0.2 (peer)
    └── react@17.0.2 (peer)

to

test-install@0.0.0 /tmp/test/test-install-2
├─┬ react@16.14.0
└─┬ test-pkg@0.0.0
  └─┬ react-dom@17.0.2 (peer)
    └── react@16.14.0 deduped invalid: "17.0.2" from node_modules/react-dom (peer)

should report a peer dependency error

Expected Behavior

npm@8 should report error on peer dependency mismatch with --strict-peer-deps flag is set.
The result should pass npm ls --all as discussed before.

Steps To Reproduce

The bug may be related some specific package tree.

A script can be used for bug reproduction:
(with ci run result here)

[test-peer-dep.sh]

#!/usr/bin/env bash

SCRIPT_PATH="$(node -p "path.resolve(path.dirname(process.argv[ 1 ]))" "${BASH_SOURCE[0]}")" # Absolute directory path this script is in

echo "@@ os: $(node -p "process.platform + '-' + process.arch")"
echo "@@ node: $(node --version)"
echo "@@ npm: $(npm --version)"

set -xe # enable shell command log & exit on error

# folder reset
rm -rf "${SCRIPT_PATH}/test/"
mkdir "${SCRIPT_PATH}/test/"
cd "${SCRIPT_PATH}/test/"

# create local test packages
mkdir "${SCRIPT_PATH}/test/test-pkg/"
cat > "${SCRIPT_PATH}/test/test-pkg/package.json" << 'EOL'
{
  "name": "test-pkg",
  "version": "0.0.0",
  "peerDependencies": {
    "react-dom": "^17.0.2"
  }
}
EOL
( cd "${SCRIPT_PATH}/test/" && npm pack "./test-pkg/" ) # output as "test-pkg-0.0.0.tgz"

mkdir "${SCRIPT_PATH}/test/test-install/"
cat > "${SCRIPT_PATH}/test/test-install/package.json" << 'EOL'
{
  "name": "test-install",
  "version": "0.0.0",
  "dependencies": {
    "test-pkg": "../test-pkg-0.0.0.tgz"
  }
}
EOL

cp -a "${SCRIPT_PATH}/test/test-install/" "${SCRIPT_PATH}/test/test-install-0/"
cp -a "${SCRIPT_PATH}/test/test-install/" "${SCRIPT_PATH}/test/test-install-1/"
cp -a "${SCRIPT_PATH}/test/test-install/" "${SCRIPT_PATH}/test/test-install-2/"

( cd "${SCRIPT_PATH}/test/test-install-0/"
  npm install --strict-peer-deps
  node -p "['#'.repeat(64), '[PASS] base package can install', '#'.repeat(64) ].join('\n')"
)

( cd "${SCRIPT_PATH}/test/test-install-1/"
  npm install --strict-peer-deps react@16 || node -p "['#'.repeat(64), '[PASS] bad tree found on fresh install', '#'.repeat(64) ].join('\n')"
)

( cd "${SCRIPT_PATH}/test/test-install-2/"
  npm install --strict-peer-deps
  npm install --strict-peer-deps react@16
  npm ls --all || node -p "['#'.repeat(64), '[BUG] bad tree missed on incremental install', '#'.repeat(64) ].join('\n')"
)

A sample test log:

[linux-x64 + nodejs@17.3.1 + npm@8.5.0]

@@ os: linux-x64
@@ node: v17.3.1
@@ npm: 8.5.0
+ rm -rf /tmp/test/
+ mkdir /tmp/test/
+ cd /tmp/test/
+ mkdir /tmp/test/test-pkg/
+ cat
+ cd /tmp/test/
+ npm pack ./test-pkg/
npm notice 
npm notice 📦  test-pkg@0.0.0
npm notice === Tarball Contents === 
npm notice 103B package.json
npm notice === Tarball Details === 
npm notice name:          test-pkg                                
npm notice version:       0.0.0                                   
npm notice filename:      test-pkg-0.0.0.tgz                      
npm notice package size:  178 B                                   
npm notice unpacked size: 103 B                                   
npm notice shasum:        cce68b0d8e6aae9a3917dfb47abfca01289601d4
npm notice integrity:     sha512-OL0mq+limIjrc[...]OBud3RLKJBZ9Q==
npm notice total files:   1                                       
npm notice 
test-pkg-0.0.0.tgz
+ mkdir /tmp/test/test-install/
+ cat
+ cp -a /tmp/test/test-install/ /tmp/test/test-install-0/
+ cp -a /tmp/test/test-install/ /tmp/test/test-install-1/
+ cp -a /tmp/test/test-install/ /tmp/test/test-install-2/
+ cd /tmp/test/test-install-0/
+ npm install --strict-peer-deps

added 7 packages, and audited 8 packages in 3s

found 0 vulnerabilities
+ node -p '['\''#'\''.repeat(64), '\''[PASS] base package can install'\'', '\''#'\''.repeat(64) ].join('\''\n'\'')'
################################################################
[PASS] base package can install
################################################################
+ cd /tmp/test/test-install-1/
+ npm install --strict-peer-deps react@16
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: test-install@0.0.0
npm ERR! Found: react@16.14.0
npm ERR! node_modules/react
npm ERR!   react@"16" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.2" from react-dom@17.0.2
npm ERR! node_modules/react-dom
npm ERR!   peer react-dom@"^17.0.2" from test-pkg@0.0.0
npm ERR!   node_modules/test-pkg
npm ERR!     test-pkg@"../test-pkg-0.0.0.tgz" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --no-strict-peer-deps, --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/dr/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/dr/.npm/_logs/2022-02-16T05_24_06_763Z-debug-0.log
+ node -p '['\''#'\''.repeat(64), '\''[PASS] bad tree found on fresh install'\'', '\''#'\''.repeat(64) ].join('\''\n'\'')'
################################################################
[PASS] bad tree found on fresh install
################################################################
+ cd /tmp/test/test-install-2/
+ npm install --strict-peer-deps

added 7 packages, and audited 8 packages in 1s

found 0 vulnerabilities
+ npm install --strict-peer-deps react@16
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: test-install@0.0.0
npm WARN Found: react@17.0.2
npm WARN node_modules/react
npm WARN   peer react@"17.0.2" from react-dom@17.0.2
npm WARN   node_modules/react-dom
npm WARN     peer react-dom@"^17.0.2" from test-pkg@0.0.0
npm WARN     node_modules/test-pkg
npm WARN   1 more (the root project)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer react@"17.0.2" from react-dom@17.0.2
npm WARN node_modules/react-dom
npm WARN   peer react-dom@"^17.0.2" from test-pkg@0.0.0
npm WARN   node_modules/test-pkg

added 2 packages, changed 1 package, and audited 10 packages in 2s

found 0 vulnerabilities
+ npm ls --all
test-install@0.0.0 /tmp/test/test-install-2
├─┬ react@16.14.0
│ ├─┬ loose-envify@1.4.0
│ │ └── js-tokens@4.0.0
│ ├── object-assign@4.1.1
│ └─┬ prop-types@15.8.1
│   ├── loose-envify@1.4.0 deduped
│   ├── object-assign@4.1.1 deduped
│   └── react-is@16.13.1
└─┬ test-pkg@0.0.0
  └─┬ react-dom@17.0.2
    ├── loose-envify@1.4.0 deduped
    ├── object-assign@4.1.1 deduped
    ├── react@16.14.0 deduped invalid: "17.0.2" from node_modules/react-dom
    └─┬ scheduler@0.20.2
      ├── loose-envify@1.4.0 deduped
      └── object-assign@4.1.1 deduped

npm ERR! code ELSPROBLEMS
npm ERR! invalid: react@16.14.0 /tmp/test/test-install-2/node_modules/react

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/dr/.npm/_logs/2022-02-16T05_24_10_632Z-debug-0.log
+ node -p '['\''#'\''.repeat(64), '\''[BUG] bad tree missed on incremental install'\'', '\''#'\''.repeat(64) ].join('\''\n'\'')'
################################################################
[BUG] bad tree missed on incremental install
################################################################

Environment

• npm: 8.4.1, 8.5.0
• Node.js: 16/17
• OS Name: linux/win32/darwin
• System Model Name: -
• npm config: -