Closed louh closed 5 years ago
Hey @louh, thank you for flagging. I do not believe npm is entering the package-lock any longer (I scanned the package-lock.json on master). A big feature branch was merged yesterday and one of the changes moved the project from yarn to npm. I suspect the issue you found could have been caused by some gnarly interaction between yarn and npm, but I am not sure. Closing, but feel free to reopen if you still see an issue.
Hey @morganherlocker, thanks for the update.
I took a closer look at the package entry on npm (https://www.npmjs.com/package/sharedstreets), which specifies the latest version as 0.9.3, whereas your current package.json
is 0.12.0. So, looking back at commit history, I see that npm
was previously added and removed as a dependency (reference commit 868d6664ac4e14c3b432d3cda3f4a5b43a8d5d52). However, I don't believe any of the more recent versions had been published to npm
.
I've had a really strange bug in my environment that I've tracked down to the
sharedstreets
package somehow, but I can't explain it, so I'm hoping I might get some insight if I post it here.For some reason, installing
sharedstreets
as a dependency in my app causes an older version ofnpm
to be installed innode_modules
. This creates conflicts with my system's globalnpm
, and adds a bunch of additional modules.I can duplicate this even on a fresh directory:
Notice that
npm@5.8.0
is in the "requires" field.What's very strange, of course, is that
npm
is not listed as a dependency in yourpackage.json
. Or inyarn.lock
(although I'm not using yarn). So where is it coming from? Somewhere else that I'm missing?My environment is a MacOSX 10.14.1, Node v12.2.0, npm v6.9.0.