Bumping the version number happens at different moments in `package.json` and `package-lock.json`

help-wanted
cli
triaged
priority:medium
(Marcin Borkowski) #1

What I Wanted to Do

I wanted to write a script called as version in package.json, which would in particular commit the new version to Git. (Since my package.json is located in a subdirectory of the main project, i.e., deeper in the filesystem hierarchy than .git, npm version cannot do that for me.)

What Happened Instead

I expected that at the moment when the version script runs, both package.json and package-lock.json would be updated. While the documentation of npm version does not state this should happen, it doesn’t mention package-lock.json at all, so it seemed a reasonable assumption. It turned out not to be the case.

Reproduction Steps

In terminal:

mkdir npm-version-bug
cd npm-version-bug/
npm init -y
npm install # this creates package-lock.json

Then, edit package.json to make it look like this:

{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

and say npm version patch in terminal. I had the following output:

> npm-version-bug@1.0.1 preversion /mem/npm-version-bug
> echo preversion; cat package.json; cat package-lock.json

preversion
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}
v1.0.1

> npm-version-bug@1.0.1 version /mem/npm-version-bug
> echo version; cat package.json; cat package-lock.json

version
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.0",
  "lockfileVersion": 1
}

> npm-version-bug@1.0.1 postversion /mem/npm-version-bug
> echo postversion; cat package.json; cat package-lock.json

postversion
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "description": "",
  "main": "index.js",
  "scripts": {
    "preversion": "echo preversion; cat package.json; cat package-lock.json",
    "version": "echo version; cat package.json; cat package-lock.json",
    "postversion": "echo postversion; cat package.json; cat package-lock.json"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
{
  "name": "npm-version-bug",
  "version": "1.0.1",
  "lockfileVersion": 1
}

As you can see, package.json is updated before running version and package-lock.json after running it.

Platform Info

$ npm --versions
{ 'npm-version-bug': '1.0.1',
  npm: '6.7.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '34.0',
  http_parser: '2.8.0',
  icu: '63.1',
  llhttp: '1.0.1',
  modules: '67',
  napi: '4',
  nghttp2: '1.35.1',
  node: '11.9.0',
  openssl: '1.1.1a',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.25.0',
  v8: '7.0.276.38-node.16',
  zlib: '1.2.11' }
$ node -p process.platform
linux
0 Likes

(Marcin Borkowski) #2

I wanted to just ping this post, but Discourse won’t let me ('ping'.length < 20). So let me ask these questions instead:

  1. Was anyone able to reproduce this?
  2. Is this behavior intentional, i.e., “feature not bug”?
  3. If yes, can it be documented?
  4. If not, can it be fixed?
  5. Is there any way I could help with resolving this (either way)?
0 Likes

(Lars Willighagen) #3

I really don’t know, but when it got introduced that part of the behavior wasn’t documented at all. It can be documented, and it can be fixed, but I’ll have to figure out what npm wants.

0 Likes

(Lars Willighagen) #4

PR (for actual implementation, not just docs):

If they don’t like it, we’ll hear it over there.

2 Likes