raineorshine / npm-check-updates

Find newer versions of package dependencies than what your package.json allows

package-lock.json behaves weirdly in npm-check-updates versions >= 16.4.0 #1347

Open jashan777 opened 10 months ago

jashan777 commented 10 months ago

Steps to Reproduce

node version - v14.20.0
npm version - v6.14.17
os - Windows 11 or macOS Ventura 13.4

  1. add npm-check-updates dependency in package.json file, version >= v16.4.0
  2. do npm i
  3. stage the changes, package.json and package-lock.json
  4. remove the node_modules folder
  5. do npm i again.

package-lock.json will change.

The changes are reverted if the node_modules folder is deleted and npm i is done.

Screenshots

Below are the changes in package-lock.json after the second npm i:

[Screenshots 2023-11-04 120815, 120833, 120850, 120951, 121008]

first npm i : package-lock.json packageFirst.txt.txt

second npm i: package-lock.json packageSecond.txt.txt

jashan777 commented 10 months ago

Seems to be an npm version issue, as the issue doesn't appear in npm versions >= 8.19.3 & node >= 16.19.0.

raineorshine commented 10 months ago

Yeah, this is more an npm issue than npm-check-updates. We don't touch the package lock file, and we don't have control over how the modules are installed.

jashan777 commented 10 months ago

> Yeah, this is more an npm issue than npm-check-updates. We don't touch the package lock file, and we don't have control over how the modules are installed.

The changes are reverted if one removes the node_modules folder again and does npm i, but surprisingly npm-check-updates version <= 16.3.0 works just fine and doesn't cause this issue.

raineorshine commented 10 months ago

Yes, that does seem strange. I wonder what changed between 16.3.0 and 16.4.0 that changed npm's install behavior.