npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Incorrect behavior for dependency via path, with package-lock.json definition

What I Wanted to Do

We have two packages with dependency via relative path. npm install on second package, with package-lock.json, but without node_modules should link dependency to the first package.
We track package-lock.json in git repo, but we don’t want to track whole node_modules as well.

What Happened Instead

First execution of npm install correctly creates node_modules and package-lock.json. However, after removing node_modules (it simulates situation on fresh environment, ie. CI) npm install fails with message

npm ERR! path C:\npm_issue\2\node_modules\.staging\first-1ba32f7f\node_modules\@gulp-sourcemaps\map-sources
npm ERR! code ENOENT
npm ERR! errno -4058
npm ERR! syscall rename
npm ERR! enoent ENOENT: no such file or directory, rename 'C:\npm_issue\2\node_modules\.staging\first-1ba32f7f\node_modules\@gulp-sourcemaps\map-sources' -> 'C:\npm_issue\2\node_modules\.staging\@gulp-sourcemaps\map-sources-9ac35e3f'
npm ERR! enoent This is related to npm not being able to find a file.

Reproduction Steps

Create directories 1 and 2 with package.json as described in Details section.

cd 1
npm install
cd ../2
npm install
rm -rf node_modules
npm install


First package:

  "name": "first",
  "dependencies": {
    "gulp-sass": "~4.0.1",
    "gulp-sourcemaps": "~2.6.4"

Second package:

  "name": "second",
  "dependencies": {
    "first": "file:../1/"

Platform Info

$ npm --versions
{ npm: '6.4.1',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.12.0',
  openssl: '1.0.2p',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.2',
  v8: '6.2.414.66',
  zlib: '1.2.11' }
$ node -p process.platform