check for `package-lock=false` in configs before executing `npm i --package-lock-only`

(Jcollum Nike) #1

Having package-lock=false in any of the configs breaks the behavior of npm i --package-lock-only. Would be helpful if npm errored with a message about that before attempting to install that way.

(Cody A Taylor) #2

Personally, I want a configuration option that means:

Do not automatically create a package-lock.json

All other package-lock features should still work. If my co-workers want to use package-lock, it should be updated whenever working with that file. The audit command should still work. Shrinkwrap should still work.

The only behaviour I dislike is that a package-lock.json is generated by default. There should also be a CLI flag to create a package-lock.json even if I have automatic generation turned off.

(Audrey Eschright) #3

We will be adding an error message for this in an upcoming release. Thanks for the feedback!