Bad merge causes npm install to not completely update package-lock.json

triaged
cli

(Yiou Chen) #1

What I Wanted to Do

After a merge, if package-lock.json has wrong versions recorded, npm install should fix all wrong versions in package-lock.json in one go.

What Happened Instead

Running npm install once doesn’t completely fix the wrong version. Running npm install again fixes it (see the reproduction steps below for what I mean).

Reproduction Steps

$ mkdir test-package
$ cd test-package && npm init -yes
$ npm i fruit-alpha@1.0.3 fruit-beta@3.1.0
$ npm list

This returns:

test-package@1.0.0 /Users/username/test-package
├── fruit-alpha@1.0.3
└─┬ fruit-beta@3.1.0
  └── fruit-alpha@3.1.0

Open up package-lock.json and manually change fruit-beta’s dependency to fruit-alpha 1.0.3 (to simulate a bad merge):

"fruit-beta": {
  "version": "3.1.0",
  "resolved": "https://registry.npmjs.org/fruit-beta/-/fruit-beta-3.1.0.tgz",
  "integrity": "sha512-6TYd7Vq6rzxupBv7MZHD7QUwz/OAi5FHsjmojXBcsnWAFapIkkRlIv9eGV1pFbJ8GTsB8TCYwglt0zKUfXQZLQ==",
  "requires": {
    "fruit-alpha": "1.0.3"
  },
  "dependencies": {
    "fruit-alpha": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/fruit-alpha/-/fruit-alpha-1.0.3.tgz",
      "integrity": "sha512-lwHtrX8mRgxBdc9Va8KBKtM9FLnFaoeCvvEV4wmwhvcWTpUw/5EXSr5Y/yTI9wuHHcGe/PyA6RiQabd9xg4Z4w=="
    }
  }
}

$ rm -rf node_modules
$ npm i
$ npm list

This returns:

test-package@1.0.0 /Users/username/test-package
├── fruit-alpha@1.0.3
└─┬ fruit-beta@3.1.0
  └── fruit-alpha@1.0.3 invalid

Run npm install again:

$ npm i
$ npm list

The second install fixes the package-lock.

Platform Info

$ npm --versions
6.5.0
$ node -p process.platform
darwin
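
A check for the lockfile state reproduced above, as an added example that is not part of the original post and is not npm's own code: it walks a lockfileVersion 1 package-lock.json and reports entries whose "requires" map differs from what the dependency's own package.json declares. The function name, the getManifest callback, and the sample data are assumptions; in particular, the post does not show the range fruit-beta@3.1.0 declares for fruit-alpha, so "3.1.0" is a constructed value.

```javascript
'use strict';

// Report lock entries whose "requires" disagrees with the package's manifest.
// Assumption: a lockfileVersion 1 file (npm 6), where "requires" holds the
// ranges declared in the dependency's package.json.
// getManifest(name, version) returns that package.json object, or null.
function findRequiresDrift(lock, getManifest) {
  const findings = [];
  const walk = (deps, path) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = path.concat(name);
      const manifest = getManifest(name, entry.version);
      if (manifest) {
        const declared = Object.assign({}, manifest.dependencies,
          manifest.optionalDependencies);
        const locked = entry.requires || {};
        const names = new Set([...Object.keys(declared), ...Object.keys(locked)]);
        for (const dep of names) {
          if (declared[dep] !== locked[dep]) {
            findings.push({ path: here.join(' > '), dep,
              locked: locked[dep] || null, declared: declared[dep] || null });
          }
        }
      }
      walk(entry.dependencies, here); // nested (non-hoisted) copies
    }
  };
  walk(lock.dependencies, []);
  return findings;
}

// Constructed sample: the hand-edited lock from the reproduction steps,
// with "resolved" and "integrity" left out for brevity.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  'fruit-alpha': { version: '1.0.3' },
  'fruit-beta': { version: '3.1.0',
    requires: { 'fruit-alpha': '1.0.3' },
    dependencies: { 'fruit-alpha': { version: '1.0.3' } } } } };

// Constructed manifests; in a real check these would be read from
// node_modules/<package>/package.json or fetched from the registry.
const SAMPLE_MANIFESTS = {
  'fruit-alpha@1.0.3': {},
  'fruit-beta@3.1.0': { dependencies: { 'fruit-alpha': '3.1.0' } } };

const DRIFT = findRequiresDrift(SAMPLE_LOCK,
  (name, version) => SAMPLE_MANIFESTS[`${name}@${version}`] || null);
console.log(DRIFT);
```

A non-empty result after a merge means the lock was altered in a way the packages themselves do not declare, so the merge should be redone or the lock regenerated rather than relying on a single npm install.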