npm install installs dependency from package-lock.json if package.json switches to github dependency

cli
priority:medium
triaged

(Ben Wiley) #1

What I Wanted to Do

I wanted to switch a previously installed npm dependency to a version hosted on GitHub.

What Happened Instead

Since that dependency existed already in the package-lock.json, npm decided to install that version instead.

Reproduction Steps

  1. Install a dependency from npm
  2. Make sure the package-lock.json was updated
  3. Check out that dependency with git, make a change, and push that dependency to GitHub.
  4. Go in your package.json and change the dependency’s version to github:myname/reponame#mybranch
  5. Run npm install (even try deleting node_modules first for good measure)
  6. Observe that the installed version is the same one from npm as before

Not really acceptable but kind of ok workaround

  1. Delete the package-lock.json and node_modules
  2. Run npm install
  3. Your dependency should be the version from GitHub

Platform Info

$ npm --versions
{ spectacle: '5.0.0',
  npm: '6.0.0',
  ares: '1.10.1-DEV',
  cldr: '31.0.1',
  http_parser: '2.7.0',
  icu: '59.1',
  modules: '57',
  nghttp2: '1.25.0',
  node: '8.9.0',
  openssl: '1.0.2l',
  tz: '2017b',
  unicode: '9.0',
  uv: '1.15.0',
  v8: '6.1.534.46',
  zlib: '1.2.11' }
$ node -p process.platform
linux
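
A check for the mismatch reported above, as an added example that is not part of the original post and not npm's own code: it flags dependencies whose package.json spec points at a git host while package-lock.json still pins a registry version. It goes beyond the npm 6 case in the post by also reading the `packages` layout of later lockfile versions; the lockfile layouts handled, the name `some-lib`, and the sample data are assumptions.

```javascript
// Added example: flag git/GitHub specs in package.json that the lockfile
// still pins to a registry version (the mismatch reported above).
const GIT_PREFIX = /^(github:|gitlab:|bitbucket:|gist:|git\+|git:\/\/)/;
// "user/repo#ref" shorthand; must start alphanumeric so "../path" is not matched
const GITHUB_SHORTHAND = /^[A-Za-z0-9][A-Za-z0-9-]*\/[\w.-]+(#.+)?$/;

function isGitSpec(s) {
  return typeof s === 'string' && (GIT_PREFIX.test(s) || GITHUB_SHORTHAND.test(s));
}

// Assumption: top-level entries live under "packages" (lockfileVersion 2+)
// or under "dependencies" (lockfileVersion 1, as written by npm 6).
function lockEntry(lock, name) {
  return (lock.packages && lock.packages['node_modules/' + name]) ||
    (lock.dependencies && lock.dependencies[name]) || null;
}

// Returns one record per dependency whose manifest spec is git-hosted
// but whose lock entry is missing or not resolved from git.
function findLockDrift(pkg, lock) {
  const drift = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!isGitSpec(spec)) continue; // only git-hosted specs are checked
      const entry = lockEntry(lock, name);
      const lockedToGit = entry && (isGitSpec(entry.version) || isGitSpec(entry.resolved));
      if (!lockedToGit) {
        drift.push({ name, spec, locked: entry ? entry.resolved || entry.version : null });
      }
    }
  }
  return drift;
}

// Constructed sample input: manifest switched to GitHub, lockfile left stale.
const samplePkg = {
  dependencies: { 'some-lib': 'github:myname/reponame#mybranch', other: '^1.0.0' },
};
const staleLock = {
  lockfileVersion: 1,
  dependencies: {
    'some-lib': { version: '1.2.3', resolved: 'https://registry.npmjs.org/some-lib/-/some-lib-1.2.3.tgz' },
    other: { version: '1.0.4' },
  },
};
console.log(findLockDrift(samplePkg, staleLock));
```

Run against the real `package.json` and `package-lock.json` in CI, a non-empty result means the installed code is not the source the manifest names.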
