[BUG] Installing package @slidewave/gitignore-include doesn't add bin entry to lockfile or create links in the .bin folder

Is there an existing issue for this?

[X] I have searched the existing issues

This issue exists in the latest npm version

[X] I am using the latest npm

Current Behavior

Installing the package @slidewave/gitignore-include results in no bin key in the version 3 lockfile, and thus no symlinks in the node_modules/.bin folder.

        "node_modules/@slidewave/gitignore-include": {
            "version": "2.2.7",
            "resolved": "https://registry.npmjs.org/@slidewave/gitignore-include/-/gitignore-include-2.2.7.tgz",
            "integrity": "sha512-1ht1+34reT5aAel9K0u7+XDenjtt7Oz2MPKVMh65A3JLANnPaBTRfeqVs1U1APlDIDzKVcU0crP3FWny6tCWFQ==",
            "dev": true,
            "license": "Apache-2.0",
            "dependencies": {
                "fast-glob": "^3.2.12",
                "follow-redirects": "^1.15.2",
                "minimist": "^1.2.8"
            },
            "engines": {
                "node": ">=14.18"
            }
        },

And doesn't have the expected symlinks:

$ find node_modules/.bin -name 'gii*'

Expected Behavior

Installing the package @slidewave/gitignore-include results in a bin key in the version 3 lockfile, and a pair of symlinks in the node_modules/.bin folder.

        "node_modules/@slidewave/gitignore-include": {
            "version": "2.2.7",
            "resolved": "https://registry.npmjs.org/@slidewave/gitignore-include/-/gitignore-include-2.2.7.tgz",
            "integrity": "sha512-1ht1+34reT5aAel9K0u7+XDenjtt7Oz2MPKVMh65A3JLANnPaBTRfeqVs1U1APlDIDzKVcU0crP3FWny6tCWFQ==",
            "dev": true,
            "license": "Apache-2.0",
            "dependencies": {
                "fast-glob": "^3.2.12",
                "follow-redirects": "^1.15.2",
                "minimist": "^1.2.8"
            },
            "bin": {
                "giiclean": ".build/cli.js",
                "giismudge": ".build/cli.js"
            },
            "engines": {
                "node": ">=14.18"
            }
        },

And does have the expected symlinks:

$ find node_modules/.bin -name 'gii*'
node_modules/.bin/giismudge
node_modules/.bin/giiclean

Steps To Reproduce

nvm install 20
Set up a basic repository using package-lock version 3.
Run npm i -D @slidewave/gitignore-include
Attempt to execute the script ./node_modules/.bin/giismudge --help - you could also use npx giismudge --help to get the same.
Inspect the package-lock for the bin entry: jq '.packages["node_modules/@slidewave/gitignore-include"]' package-lock.json should show the bin entry and it does not.

You can see from the NPM package that the published package has the needed bin entry and that the compiled file that the bin entries point to exists.

I am the author of the package under discussion and I admit that I could have made a mistake in that package somehow. But to the best of my knowledge it's correct. I have a memory of it working correctly in the past, but I don't remember what versions of what. Manually adding the bin entry to the package-lock.json file entry shown above and running npm ci makes everything happy and perfect. But the next time the package gets an upgrade or otherwise re-installed that bin entry will get wiped.

Environment

npm: 10.8.2
Node.js: 20.18.0
OS Name: Debian Bullseye, via Docker image mcr.microsoft.com/vscode/devcontainers/javascript-node:20-bullseye. Host is MacOS 14.6.1 on an MacBook Pro running an Apple M1 Pro CPU.
npm config:
```
; "user" config from /home/node/.npmrc
```

//npm.pkg.github.com/:_authToken = (protected) //registry.npmjs.org/:_authToken = (protected)

; "project" config from /app/.npmrc

@REDACTED:registry = "https://npm.pkg.github.com" engine-strict = true lockfile-version = "3"

; node bin location = /usr/local/share/nvm/versions/node/v20.18.0/bin/node ; node version = v20.18.0 ; npm local prefix = /app ; npm version = 10.8.2 ; cwd = /app ; HOME = /home/node ; Run npm config ls -l to show all defaults.


Note that the redacted registry key is NOT `@slidewave`.

npm / cli