The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
Is it still necessary to fetch metadata for every package when package-lock.json exists?
npm install will fetch metadata for every package even when
package-lock.json exists and is used to keep
node_modules's structure stable.
There is already the tarball URL and integrity for both direct and indirect dependencies in
package-lock.json, tarballs can be cached in npm cache, however large amount of metadata HTTP request still slows down the speed of install.
It seems possible to construct the ideal tree from
package-lock.json, so it is possible that in a future release we can have an option to disable metadata fetching in installs?