srs / gradle-node-plugin

Gradle plugin for integrating NodeJS in your build. :rocket:
Apache License 2.0

is there a reason why npmInstall requires a package-lock.json file #331

Open cstmgl opened 5 years ago

cstmgl commented 5 years ago

I had a working build that is now failing: npmInstall always fails because the package-lock.json is not available. My expectation is that the package-lock.json file is generated by the npm install.

If I run it manually, the package-lock.json file gets created, but if I execute it via gradle npmInstall it does not.

So my question is: why is this happening? Is there something I'm missing?

* What went wrong:
A problem was found with the configuration of task ':npmInstall'.
> File 'package-lock.json' specified for property '$2' does not exist.

Edit: later on I used npm_install instead of npmInstall and it did not require the package-lock.json file... I thought both commands did the same thing.

g3force commented 5 years ago

We actually do have the package-lock.json checked in, but the CI build unpredictably modifies it during npm install. That invalidates the cache on the second run.

My expectation would be that npmInstall only depends on package.json.

rafeememon commented 5 years ago

@g3force

> We actually do have the package-lock.json checked in, but the CI build unpredictably modifies it during npm install. That invalidates the cache on the second run.

You probably want to be using npm ci instead of npm install. There's a request to support it in this plugin here: https://github.com/srs/gradle-node-plugin/issues/307. As a workaround, in your build you could manually run npm ci and exclude npmInstall from other tasks.

> My expectation would be that npmInstall only depends on package.json.

I don't think this can be the case; a change in the lock file should absolutely lead to a change in the packages that are installed in node_modules.

g3force commented 5 years ago

npm ci removes the node_modules completely. That is not what I want in an incremental build. In our build pipeline, I always do a clean build, which removes the node_modules folder anyway. But for local development, I do not want all the NPM stuff to be executed if I haven't touched any UI code.

> I don't think this can be the case; a change in the lock file should absolutely lead to a change in the packages that are installed in node_modules.

From my point of view, the package-lock.json file is a generated file that is not manually touched by a user. Unless I have added new dependencies to package.json or changed versions, I do not want gradle to run npm install again. Of course you are right, that changes in the package-lock.json could potentially change the node-modules folder again. Ideally, I'd prefer that npm install would not touch the package-lock.json at all...

rafeememon commented 5 years ago

> npm ci removes the node_modules completely. That is not what I want in an incremental build. In our build pipeline, I always do a clean build, which removes the node_modules folder anyway. But for local development, I do not want all the NPM stuff to be executed if I haven't touched any UI code.

Correct, you would run ci in your build pipeline, and install during local development.

> From my point of view, the package-lock.json file is a generated file that is not manually touched by a user. ...

The mechanism by which it is modified doesn't matter: the lock file is vital for determining the layout of node_modules during npm install (and npm ci) and must be an input to the task. Again, I think you want to be using ci in your build pipeline to avoid unpredictable modifications to your lock file.

g3force commented 5 years ago

The build pipeline is quite irrelevant here, because as I said, I do a clean build anyway.

But I do not want the developers to execute npm install on each build. Especially, when they are just working on the backend, not on the UI.

rafeememon commented 5 years ago

The task will be checked, but not run, if package.json, package-lock.json, and node_modules haven't changed.

The build pipeline should be relevant -- if you're getting unpredictable lock file modifications on clean builds, you don't have reproducible builds!
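The lock-file point in this exchange, as an added example that is not part of the thread or the plugin's code: a simplified JavaScript check for one cause of lock file drift, a package-lock.json that no longer matches package.json, which is the situation `npm install` resolves by rewriting the lock and `npm ci` rejects. It assumes lockfileVersion 2 or 3 (root project stored under the `""` key of `packages`), compares ranges as plain strings, and uses constructed package names and data; `lockDrift` is a hypothetical helper name.

```javascript
'use strict';

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Returns human-readable reasons why the lock no longer describes package.json.
function lockDrift(pkg, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[''] || {}; // root project entry (lockfileVersion 2/3)
  for (const section of SECTIONS) {
    const declared = pkg[section] || {};
    const locked = root[section] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        problems.push(`${name}: declared in package.json ${section} but absent from lock`);
      } else if (locked[name] !== range) {
        problems.push(`${name}: range ${range} in package.json, ${locked[name]} in lock`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) {
        problems.push(`${name}: in lock ${section} but not in package.json`);
      }
    }
  }
  // Installed entries without an integrity hash cannot be verified on download.
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '' || entry.link || entry.inBundle) continue;
    if (!entry.integrity) problems.push(`${path}: no integrity hash recorded`);
  }
  return problems;
}

// Constructed sample input: package names, versions and hash are placeholders.
const samplePkg = { dependencies: { 'example-a': '^4.17.21', 'example-b': '^1.3.0' } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'example-a': '^4.17.20' } },
    'node_modules/example-a': { version: '4.17.21', integrity: 'sha512-CONSTRUCTED' },
    'node_modules/example-b': { version: '1.3.0' },
  },
};

console.log(lockDrift(samplePkg, sampleLock).join('\n'));
```

An empty result only rules out this one cause; differences in npm version between machines can also rewrite a lock file.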

g3force commented 5 years ago

Yeah, you are right. I investigated the modifications further and now I do not have modifications in this file anymore. This will hopefully stay like this...

mashhur commented 5 years ago

I had the same issue, and I figured out that the 1.3 version generates this error. Downgraded to 1.2.0 and it is working well. (gradle-node-plugin:1.2.0) Hope this bug will be fixed soon!

daggerok commented 5 years ago

Please fix that annoying issue. I don't wanna keep package-lock.json in my repo.

daggerok commented 5 years ago

Can anyone explain what the purpose is of failing the npmInstall task without a package-lock.json file? npm doesn't have such behaviour, so it's a plugin bug, not expected behaviour.

jmcdl commented 5 years ago

I was experiencing the same issue and have temporarily resolved it by downgrading the plugin version to 1.2.0 as suggested by @mashhur.

deepy commented 5 years ago

The reason you're seeing this is because of https://github.com/srs/gradle-node-plugin/issues/336

The inputs are declared twice and the first part is not marked as optional; we've fixed this in the fork https://github.com/node-gradle/gradle-node-plugin