npm / cli

the package manager for JavaScript
https://docs.npmjs.com/cli/

`npm install --before` does not ignore `node_modules/.package-lock.json` #2643

Open ljharb opened 3 years ago

ljharb commented 3 years ago

Current Behavior:

  1. Go to a repo that has had transitive dep publishes, but hasn’t had any root dep updates.
  2. Run `npm install`
  3. Run `rm -rf node_modules/.bin && rm -rf node_modules/*` (I usually do this to avoid deleting the node_modules dir and breaking my Dropbox sync settings)
  4. Run `npm install --before=$lastRootDepUpdates`
  5. See install fail, not finding a transitive dep that was published after the date, but shouldn’t be required, and wouldn’t be on a fresh install.
  6. Run `rm -rf node_modules/.package-lock.json`
  7. Run `npm install --before=$lastRootDepUpdates`
  8. See install pass

Expected Behavior:

Install passes at step 4.

Steps To Reproduce:

See above. I found this in https://github.com/yannickcr/eslint-plugin-react.

Environment:

darcyclarke commented 3 years ago

@ljharb apologies this didn't get picked up earlier, can you just confirm this is still happening in the latest version?

ljharb commented 3 years ago

Confirmed, it's still happening.

On latest master of eslint-plugin-react, I followed the repro steps with a date of 2021-02-22, and got:

```
npm ERR! code ETARGET
npm ERR! notarget No matching version found for object.values@^1.1.3 with a date before 2/21/2021, 4:00:00 PM.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR!     $HOME/.npm/_logs/2021-03-12T20_26_49_706Z-debug.log
```

ljharb commented 3 years ago

@isaacs if this is a change that needs making in arborist, and you could give me some tips, I'd be happy to try to make a PR.
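
The repro steps 2 to 8 from the opening report, scripted so the behaviour can be checked against a given npm version. This is an added example, not part of the issue thread or npm's own code; the function name `repro_before_bug` and its return codes are hypothetical, and the only commands it uses are the ones listed in the report.

```shell
#!/bin/sh
# Added example: automates repro steps 2-8 of the report above.
# Usage: repro_before_bug <repo_dir> <cutoff_date>
# Returns (hypothetical convention):
#   0 = bug reproduced, 1 = not reproduced (step 4 passed), 2 = inconclusive
repro_before_bug() {
  repo_dir=$1
  cutoff=$2
  (
    cd "$repo_dir" || exit 2

    # Step 2: plain install; this writes node_modules/.package-lock.json.
    npm install >/dev/null 2>&1 || exit 2

    # Step 3: empty node_modules. The glob does not match dotfiles, so the
    # hidden lockfile survives, exactly as in the report.
    rm -rf node_modules/.bin && rm -rf node_modules/*
    [ -f node_modules/.package-lock.json ] || exit 2

    # Step 4: expected to pass; with the bug it fails (ETARGET).
    if npm install --before="$cutoff" >/dev/null 2>&1; then
      exit 1
    fi

    # Steps 6-7: remove the hidden lockfile and retry with the same date.
    rm -rf node_modules/.package-lock.json
    if npm install --before="$cutoff" >/dev/null 2>&1; then
      exit 0   # step 8: passes only once the hidden lockfile is gone
    fi
    exit 2     # fails either way, so the cause is something else
  )
}

# Run directly: sh repro.sh <repo_dir> <cutoff_date>
if [ "$#" -eq 2 ]; then
  repro_before_bug "$1" "$2"
fi
```

A return code of 0 means the `--before` install only succeeded after `node_modules/.package-lock.json` was deleted, which is the behaviour this issue describes.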