npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

NPM's suggestion for package lock and audit is misleading or doesn't work

✗ npm audit          
npm ERR! code EAUDITNOLOCK
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/jcol53/.npm/_logs/2018-12-11T01_05_30_522Z-debug.log

`Try creating one first with: npm i --package-lock-only` ?

ok, will do:

✗ npm i --package-lock-only
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
...
ages, updated 1712 packages and audited 36637 packages in 17.361s
found 5 vulnerabilities (4 low, 1 moderate)
  run `npm audit fix` to fix them, or `npm audit` for details

OK I want to see details:

✗ npm audit
npm ERR! code EAUDITNOLOCK 
npm ERR! audit Neither npm-shrinkwrap.json nor package-lock.json found: Cannot audit a project without a lockfile
npm ERR! audit Try creating one first with: npm i --package-lock-only

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/jcol53/.npm/_logs/2018-12-11T01_06_30_214Z-debug.log

“Try creating one first with: npm i --package-lock-only”? WTF didn’t I just do that??

Why is NPM giving me bad instructions here?