Closed zregvart closed 1 month ago
The package-lock.json file looks malformed to me. It's missing resolved
and integrity
keys for nearly all of the dependencies
When I ran npm install
the package-lock.json
file was left unchanged, it seems that NPM thinks the lock file is okay.
The first thing I tried was deleting package-lock.json and regenerating it by running npm install
. All of the missing keys were added back.
It might be related to this issue: https://github.com/npm/cli/issues/4263
In any case, cachi2 does not execute npm itself when prefetching dependencies, so the resolved keys in package-lock.json are required in order for cachi2 to know what to download.
@taylormadore thanks for the effort and explanation, I think we can close this now -- regenerating the lock file seems to be the way to go.
Reported on behalf of @kahboom; cachi2 doesn't seem to fetch all dependencies for this repository:
https://github.com/kahboom/rekor-search-ui at 144e299c83f79441dc4b87c078d7d436857f796f. To reproduce run:
Workaround seems to be running
npm dedup
: