Description of problem:

When the nodejs major version is changed, ownership of files installed in %nodejs_sitearch and %nodejs_sitelib is lost and rpm can not keep track of them.

1. nodejs version is X, /usr/lib/node_modules is symlink to /usr/lib/node_modules_x
2. Package pkg installs module in /usr/lib/node_modules/pkg that end up in
   /usr/lib/node_modules_X/pkg due to the symlink
3. nodejs is updated to version X+1, /usr/lib/node_modules in now symlink to
   /usr/lib/node_modules_X+1
4. Package pkg installed in point 2 should according to rpm now still own files in
   /usr/lib/node_modules/pkg, however since a symlink in this path changed due to
   the update in point 3 the files no longer exist in the location registered in rpm.
   The package is no longer functional and rpm reports missing files for the package.
   The files that were installed are now zombies lost by the package management
   system and will never be cleaned up.

Version-Release number of selected component (if applicable):

nodejs-packaging-2021.06-6.fc37
nodejs-packaging-2022.10-2.fc38

How reproducible:
Always

Steps to Reproduce:
1. See above

Actual results:
Zombie files not tracked by rpm.
Broken packages with missing files.

Expected results:
Files properly tracked by rpm.
No broken packages with missing files.

Additional info:

Possible fix:
The %nodejs_sitearch and %nodejs_sitelib macros should be updated to contain the versioned directory name. This is similar to %python3_sitearch and %python3_sitelib.

After a recent update of nodejs I have broken packages:

$ LANG=C rpm -V uglify-js
missing     /usr/lib/node_modules/uglify-js
missing     /usr/lib/node_modules/uglify-js@3
missing     /usr/lib/node_modules/uglify-js@3/bin
missing     /usr/lib/node_modules/uglify-js@3/bin/uglifyjs
missing     /usr/lib/node_modules/uglify-js@3/lib
missing     /usr/lib/node_modules/uglify-js@3/package.json
missing     /usr/lib/node_modules/uglify-js@3/tools
missing     /usr/lib/node_modules/uglify-js@3/tools/domprops.html
missing     /usr/lib/node_modules/uglify-js@3/tools/domprops.json
missing     /usr/lib/node_modules/uglify-js@3/tools/exports.js
missing     /usr/lib/node_modules/uglify-js@3/tools/node.js
missing     /usr/lib/node_modules/uglify-js@3/tools/tty.js

The scenario here was slightly different from the one described above since this was not an update that changed the symlink to a new target, but the update that introduced the symlink replacing the existing directory with a symlink in its pretrans scriptlet:

$ rpm -q nodejs --scripts
pretrans scriptlet (using <lua>):
path = "/usr/lib/node_modules"
st = posix.stat(path)
if st and st.type == "directory" then
  status = os.rename(path, path .. ".rpmmoved")
  if not status then
    suffix = 0
    while not status do
      suffix = suffix + 1
      status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
    end
    os.rename(path, path .. ".rpmmoved")
  end
end

The main cause is the same though: the nodejs package does things during installation/upgrade that breaks other packages.

With the current values for the rpm macros this breakage will repeat itself every nodejs major version update.