npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm install installs incorrect version of git dependencies and doesn't install new sub-dependencies

What I Wanted to Do

Install all dependencies for a project with missing node_modules. Depencencies include module installed from git, and I want to install the same version that’s specified in package-lock.json

What Happened Instead

npm installed the newest version of the module, without changing package-lock. So package lock said "version": "git+ssh://", but the module in node_modules is the newest version in git repo. Addittionally npm did not install any new dependencies introduced by the updated module, leading to a broken build.

Just to clarify, after npm install, node_modules\somedep\package.json can list some-package as dependency, but some-package is not installed at all.

Reproduction Steps

Now npm has loaded the newest version of your dependency (check node_modules), but didn’t install the dependency introduced by the new version.

I’d imagine npm is supposed to respect package-lock.json and install the correct version, but even if it always installs the newest version, it should obviously install all subdependencies.

Platform Info

$ npm --versions
{ npm_test: '0.0.0',
  npm: '6.11.3',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.1',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform