npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

check for `package-lock=false` in configs before executing `npm i --package-lock-only`

Having package-lock=false in any of the configs breaks the behavior of npm i --package-lock-only. Would be helpful if npm errored with a message about that before attempting to install that way.


Personally, I want a configuration option that means:

Do not automatically create a package-lock.json

All other package-lock features should still work. If my co-workers want to use package-lock, it should be updated whenever working with that file. The audit command should still work. Shrinkwrap should still work.

The only behaviour I dislike is that a package-lock.json is generated by default. There should also be a CLI flag to create a package-lock.json even if I have automatic generation turned off.


We will be adding an error message for this in an upcoming release. Thanks for the feedback!