rogeriochaves / npm-force-resolutions

Force npm to install a specific transitive dependency version

Shouldn't the directions be to run this during "prepublish", not "preinstall"? #63

Open greim opened 2 years ago

greim commented 2 years ago

My head is spinning trying to describe this, so hopefully I can explain myself clearly. You have two fictitious libraries:

  1. lib-js which uses npm-force-resolutions
  2. app-js which uses lib-js

I assert that lib-js should be doing this in its package.json:

"prepublish": "npx npm-force-resolutions"

...not what's currently specified in the README, which is this:

"preinstall": "npx npm-force-resolutions"

Why? Because "preinstall" runs npm-force-resolutions when app-js does an install, where it has no business running. It causes issues such as this.

"prepublish" OTOH should only run npm-force-resolutions when devs of lib-js do a publish or install, which is when you actually want it to run, since its job is to update package-lock.json, not mess with the installs of consuming packages.

Please let me know if I'm misunderstanding something.
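Added example, not part of the issue thread or the project's code: from the consumer's side (app-js), a small Node.js audit that lists which installed dependencies declare install-time lifecycle hooks, and whether the hook calls npx. The sample tree is constructed; `@acme/other-lib` and the function names are hypothetical, and only top-level packages in `node_modules` are scanned.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Hooks npm runs for a package when it is installed as a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Package directories directly under node_modules, including @scope/name.
function packageDirs(nodeModules) {
  const dirs = [];
  for (const entry of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const full = path.join(nodeModules, entry.name);
    if (entry.name.startsWith("@")) {
      for (const sub of fs.readdirSync(full)) dirs.push(path.join(full, sub));
    } else dirs.push(full);
  }
  return dirs;
}

// Report every install-time hook declared by an installed package.
function findInstallHooks(nodeModules) {
  const findings = [];
  for (const dir of packageDirs(nodeModules)) {
    const manifestPath = path.join(dir, "package.json");
    if (!fs.existsSync(manifestPath)) continue;
    const pkg = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
    for (const hook of INSTALL_HOOKS) {
      const cmd = pkg.scripts && pkg.scripts[hook];
      if (typeof cmd !== "string") continue;
      // npx can fetch and execute a package, so flag it separately.
      findings.push({ name: pkg.name, hook, cmd, usesNpx: /\bnpx\b/.test(cmd) });
    }
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed sample: lib-js follows the README; @acme/other-lib has no install hook.
function buildSampleTree() {
  const nodeModules = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "hooks-")), "node_modules");
  const write = (name, scripts) => {
    const dir = path.join(nodeModules, name);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify({ name, scripts }));
  };
  write("lib-js", { preinstall: "npx npm-force-resolutions" });
  write("@acme/other-lib", { prepublish: "npx npm-force-resolutions" });
  return nodeModules;
}

console.log(findInstallHooks(buildSampleTree()));
```

Point `findInstallHooks` at a real project's `node_modules` directory to see which dependencies would run commands during `npm install`.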

ishowta commented 2 years ago

I generally agree, but wouldn't prepublish work before install? Furthermore, the latest npm seems to work even if it is not local. https://docs.npmjs.com/cli/v8/using-npm/scripts

This is probably an npm problem and there is a Stack Overflow page that looks like a nightmare. https://stackoverflow.com/questions/23076968/npm-postinstall-only-on-development