[BUG] Prune command adds packages?

[johenning]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

Same behavior as #2509, npm prune adds dependencies but the documentation only says: This command removes "extraneous" packages.

Expected Behavior

npm prune only removes extraneous packages and does not add any.

Steps To Reproduce

1. Minimal example project

$ cat package.json
{
  "dependencies": {
    "axios": "^1.6.2"
  },
  "devDependencies": {
    "eslint": "^8.55.0"
  }
}

2. Install dependencies, remove code from productive one, prune

$ npm i
$ rm node_modules/axios/* -r
$ npm prune --production --dry-run --json

3. Observe "adding" of dependencies

{
  "added": 99,
  "removed": 0,
  "changed": 1,
  "audited": 0,
  "funding": 24
}

or alternatively without dry run:

$ npm i

added 99 packages, changed 1 package, and audited 109 packages in 638ms

24 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
$ rm node_modules/axios/* -r
$ ls node_modules/axios/
$ npm prune --production
npm WARN config production Use `--omit=dev` instead.

changed 1 package, and audited 10 packages in 541ms

1 package is looking for funding
  run `npm fund` for details

found 0 vulnerabilities
$ ls node_modules/axios/
CHANGELOG.md  LICENSE  MIGRATION_GUIDE.md  README.md  SECURITY.md  dist  index.d.cts  index.d.ts  index.js  lib  package.json

Environment

• npm: 10.2.3
• Node.js: 20.10.0
• OS Name: Ubuntu 22.04.3 LTS
• npm config:

; node bin location = /home/jhenning/.nvm/versions/node/v20.10.0/bin/node
; node version = v20.10.0
; npm local prefix = /home/jhenning/issue_test
; npm version = 10.2.3
; cwd = /home/jhenning/issue_test
; HOME = /home/jhenning
; Run `npm config ls -l` to show all defaults.

[rj-wowza]

On 10.5.0 same experience. npm prune --dry-run results in hundreds of packages being added.

I am trying to resolve npm update removing dependencies.

[milaninfy]

npm prune command will leave node_modules tree in valid state, since your tree have missing packages it first tries to fix that by adding those packages to make the tree valid and then prunes for extra packages. Currently it's working as intended.

[johenning]

Currently it's working as intended.

Currently its not working as described in the documentation. So either its not working as intended or its intended for the documentation to be incorrect.

npm prune command will leave node_modules tree in valid state, since your tree have missing packages it first tries to fix that by adding those packages to make the tree valid and then prunes for extra package

Might I suggest adding this explanation to the documentation? Because there is no mention of it adding packages

This command removes "extraneous" packages. If a package name is provided, then only packages matching one of the supplied names are removed.
Extraneous packages are those present in the node_modules folder that are not listed as any package's dependency list.

https://docs.npmjs.com/cli/v10/commands/npm-prune