You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 11, 2022. It is now read-only.
npm is producing incorrect or undesirable behavior.
Other (see below for feature requests):
What's going wrong?
npm install (6.1.0) doesn't update package-lock.json when using Git URL as dependency. In our team, devs are using npm i while devops are using npm ci, so that the application behaves quite differently during the deliver cycle due to inconsistent lock packages. This issue doesn't exist in npm 5.7.0 and below.
Please notice that in https://github.com/fzheng/package.lock.slave, the latest git commit is 1c01d, not a315c. Commit 1c01d is to calculate cubic, while Commit a315c is to calculate square.
Please do npm install in package.lock.master
$ npm i
added 1 package from 1 contributor and audited 1 package in 2.101s
found 0 vulnerabilities
please notice that the package-lock.json wasn't updated even though the dependency has a new commit, however, node index.js still somehow uses the latest code from dependency.
$ node index.js 3
27
Please rm -rf node_modules and do npm ci in package.lock.master.
$ npm ci
added 1 packages in 1.357s
please notice that this time, node index.js generates square result.
I'm opening this issue because:
What's going wrong?
npm install (6.1.0) doesn't update package-lock.json when using Git URL as dependency. In our team, devs are using
npm i
while devops are usingnpm ci
, so that the application behaves quite differently during the deliver cycle due to inconsistent lock packages. This issue doesn't exist in npm 5.7.0 and below.How can the CLI team reproduce the problem?
npm install
in package.lock.masterplease notice that the package-lock.json wasn't updated even though the dependency has a new commit, however,
node index.js
still somehow uses the latest code from dependency.rm -rf node_modules
and donpm ci
in package.lock.master.please notice that this time,
node index.js
generates square result.supporting information:
npm -v
prints: 6.1.0node -v
prints: v8.11.3npm config get registry
prints: https://registry.npmjs.org/The text was updated successfully, but these errors were encountered: