What I Wanted to Do
npm audit should work seamlessly when packages.json has package reference with pre-release versions like
"react": "^16.9.0-" and it is being resolved with
firstname.lastname@example.org in packages-lock.json file.
What Happened Instead
It actually fails to match the versions pattern with packages.json & packages-lock.json and throws below error
npm ERR! code ELOCKVERIFY
npm ERR! Errors were found in your package-lock.json, run npm install to fix them.
npm ERR! Invalid: lock file’s email@example.com does not satisfy react@^16.9.0-
- Clone this repository github npm-audit-semver-prerelease
Attched npm debug log file for more information.
$ npm --versions 6.9.0 $ node -p process.platform win32
It works fine with Yarn
yarn auditbut we don’t want to use just for audit