Bumping the version number happens at different moments in `package.json` and `package-lock.json`

What I Wanted to Do

I wanted to write a script called as version in package.json, which would in particular commit the new version to Git. (Since my package.json is located in a subdirectory of the main project, i.e., deeper in the filesystem hierarchy than .git, npm version cannot do that for me.)

What Happened Instead

I expected that at the moment when the version script runs, both package.json and package-lock.json would be updated. While the documentation of npm version does not state this should happen, it doesn’t mention package-lock.json at all, so it seemed a reasonable assumption. It turned out not to be the case.

Reproduction Steps

In terminal:

mkdir npm-version-bug
cd npm-version-bug/
npm init -y
npm install # this creates package-lock.json

Then, edit package.json to make it look like this:

{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

and say npm version patch in terminal. I had the following output:

> npm-version-bug@1.0.1 preversion /mem/npm-version-bug
> echo preversion; cat package.json; cat package-lock.json

preversion
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}
v1.0.1

> npm-version-bug@1.0.1 version /mem/npm-version-bug
> echo version; cat package.json; cat package-lock.json

version
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}

> npm-version-bug@1.0.1 postversion /mem/npm-version-bug
> echo postversion; cat package.json; cat package-lock.json

postversion
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "lockfileVersion": 1
}

As you can see, package.json is updated before running version and package-lock.json after running it.

Platform Info

$ npm --versions
{ 'npm-version-bug': '1.0.1',
  npm: '6.7.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  llhttp: '1.0.1',
  modules: '67',
  napi: '4',
  nghttp2: '1.35.1',
  node: '11.9.0',
  openssl: '1.1.1a',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.25.0',
  v8: '7.0.276.38-node.16',
  zlib: '1.2.11' }
$ node -p process.platform
linux

I wanted to just ping this post, but Discourse won’t let me ('ping'.length < 20). So let me ask these questions instead:

  1. Was anyone able to reproduce this?
  2. Is this behavior intentional, i.e., “feature not bug”?
  3. If yes, can it be documented?
  4. If not, can it be fixed?
  5. Is there any way I could help with resolving this (either way)?

I really don’t know, but when it got introduced that part of the behavior wasn’t documented at all. It can be documented, and it can be fixed, but I’ll have to figure out what npm wants.

PR (for actual implementation, not just docs):

If they don’t like it, we’ll hear it over there.

2 Likes

Hi there, it’s me again, and sorry for the delay. (I have a workaround, so it is not extremely urgent for me now - but I’d like to see it resolved for posterity.)

Thanks a lot for working on this. I do not know enough about npm internals to analyze the code, but could someone else look into this and merge the PR?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.