From what I can find by reading old GitHub issues and Stack Overflow posts, back in the npm v5 days, the package versions in the “requires” section would simply be a bare version number such as “7.4.4”. In npm v6, this was changed so that the versions in the “requires” section would match the containing packages’ package.json. So if the package.json required “^7.4.4”, then, in the “requires” section, the package would specify “^7.4.4” (note the caret).
However, it appears that npm 6 will sometimes output the npm 5 style? For example, I have a coworker… We’re using the same version of npm (v6.9.0). Our configs are the same (comparing the output of npm config ls -l). We’re both on Macs. The only difference is that I’m using node v10.15.3 installed via asdf, and he’s using v11.12.0 installed via nvm. When he runs npm install, he gets bare version numbers in the “requires” section à la npm 5 style (i.e., “7.4.4”) and I get the npm 6 style (i.e., “^7.4.4”). Would the node version affect the way npm runs?
Another fun thing that likes to change from one dev to the next is that "optional": true will get added or dropped from dependencies’ dependencies.
These two problems combined essentially guarantee that package-lock.json changes significantly every time someone on our team does an npm install and it’s causing a lot of annoying merge conflicts. What’s going on here?
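To see how much of a lockfile diff is the churn described above and how much is a real change in resolved versions, the two files can be compared structurally. This is an added example, not part of the original post; it assumes the lockfileVersion 1 layout written by npm 5 and 6, and the function names, package names and sample data are constructed for illustration.

```javascript
// Exact semver such as "7.4.4" (the npm 5 style described in the post).
const BARE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Flatten a lockfileVersion 1 tree into Map(path -> {version, optional, requires}).
function flatten(deps = {}, prefix = '', out = new Map()) {
  for (const [name, entry] of Object.entries(deps)) {
    const path = prefix ? `${prefix} > ${name}` : name;
    out.set(path, {
      version: entry.version,
      optional: entry.optional === true,
      requires: entry.requires || {},
    });
    flatten(entry.dependencies, path, out); // nested (non-hoisted) dependencies
  }
  return out;
}

// Separate cosmetic churn (requires style, optional flag) from real version changes.
function lockDrift(lockA, lockB) {
  const a = flatten(lockA.dependencies);
  const b = flatten(lockB.dependencies);
  const report = { requiresStyle: [], optionalFlag: [], versionChanged: [], onlyInOne: [] };
  for (const path of new Set([...a.keys(), ...b.keys()])) {
    const x = a.get(path), y = b.get(path);
    if (!x || !y) { report.onlyInOne.push(path); continue; }
    if (x.version !== y.version) report.versionChanged.push(path);
    if (x.optional !== y.optional) report.optionalFlag.push(path);
    for (const dep of Object.keys(x.requires)) {
      const rx = x.requires[dep], ry = y.requires[dep];
      // Same dependency, one side bare ("7.4.4") and the other a range ("^7.4.4").
      if (ry !== undefined && rx !== ry && BARE.test(rx) !== BARE.test(ry)) {
        report.requiresStyle.push(`${path} requires ${dep}: ${rx} vs ${ry}`);
      }
    }
  }
  return report;
}

// Constructed sample lockfiles; package names are placeholders.
const mine = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '1.2.0', requires: { 'pkg-b': '^7.4.4' } },
  'pkg-b': { version: '7.4.4' },
  'pkg-c': { version: '2.0.1', optional: true },
} };
const coworker = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '1.2.0', requires: { 'pkg-b': '7.4.4' } },
  'pkg-b': { version: '7.4.4' },
  'pkg-c': { version: '2.0.1' },
} };
console.log(lockDrift(mine, coworker));
```

With real files, pass the parsed contents of each developer's package-lock.json to lockDrift; an empty versionChanged and onlyInOne means the diff is formatting churn only.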