Bumping the version number happens at different moments in `package.json` and `package-lock.json`


(Marcin Borkowski) #1

What I Wanted to Do

I wanted to write a script called as version in package.json, which would in particular commit the new version to Git. (Since my package.json is located in a subdirectory of the main project, i.e., deeper in the filesystem hierarchy than .git, npm version cannot do that for me.)

What Happened Instead

I expected that at the moment when the version script runs, both package.json and package-lock.json would be updated. While the documentation of npm version does not state this should happen, it doesn’t mention package-lock.json at all, so it seemed a reasonable assumption. It turned out not to be the case.

Reproduction Steps

In terminal:

mkdir npm-version-bug
cd npm-version-bug/
npm init -y
npm install # this creates package-lock.json

Then, edit package.json to make it look like this:

{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

and say npm version patch in terminal. I had the following output:

> npm-version-bug@1.0.1 preversion /mem/npm-version-bug
> echo preversion; cat package.json; cat package-lock.json

preversion
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}
v1.0.1

> npm-version-bug@1.0.1 version /mem/npm-version-bug
> echo version; cat package.json; cat package-lock.json

version
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}

> npm-version-bug@1.0.1 postversion /mem/npm-version-bug
> echo postversion; cat package.json; cat package-lock.json

postversion
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "lockfileVersion": 1
}

As you can see, package.json is updated before running version and package-lock.json after running it.

Platform Info

$ npm --versions
{ 'npm-version-bug': '1.0.1',
  npm: '6.7.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  llhttp: '1.0.1',
  modules: '67',
  napi: '4',
  nghttp2: '1.35.1',
  node: '11.9.0',
  openssl: '1.1.1a',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.25.0',
  v8: '7.0.276.38-node.16',
  zlib: '1.2.11' }
$ node -p process.platform
linux