use "npm ci" instead of "npm install"

[milahu]

npm ci is better for automated installs for example, it treats the lockfile as read-only

npm ci was added in npm 5.7.1

npm ci is also used in npmlock2nix (but they still use npm install in the second pass ...)

https://github.com/svanderburg/node2nix/blob/315e1b85a6761152f57a41ccea5e2570981ec670/nix/node-env.nix#L470

example

in my case, npm install is trying to write to the lockfile, but the lockfile is read-only

npm ERR! Error: EACCES: permission denied, open '/nix/store/iyz28s00n0dxyswxjz1bvmm9x8labjq2-node-dependencies-fs-agent-1.0.0/fs-agent/package-lock.json'

with npm ci the install fails with ENOTCACHED (#106 #134)

npm ERR! request to https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz failed: cache mode is 'only-if-cached' but no cached response is available.

... fixed by updating node2nix

npm i -g https://github.com/svanderburg/node2nix