NPM's suggestion for package lock and audit is misleading or doesn't work

βœ— npm audit          
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/jcol53/.npm/_logs/2018-12-11T01_05_30_522Z-debug.log

`Try creating one first with: npm i --package-lock-only` ?

ok, will do:

βœ— npm i --package-lock-only
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
...
ages, updated 1712 packages and audited 36637 packages in 17.361s
found 5 vulnerabilities (4 low, 1 moderate)
  run `npm audit fix` to fix them, or `npm audit` for details

OK I want to see details:

βœ— npm audit
npm ERR! code EAUDITNOLOCK 
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/jcol53/.npm/_logs/2018-12-11T01_06_30_214Z-debug.log

β€œTry creating one first with: npm i --package-lock-only”? WTF didn’t I just do that??

Why is NPM giving me bad instructions here?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.