package-lock.json is "order of installation" dependent.

cli
priority:medium
triaged

(Christopher Currie) #1

What I Wanted to Do

Add eslint@latest as a dependency without warnings.

What Happened Instead

npm install eslint@latest produced a warning:
npm WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.

npm ls also produces a lot output and ends with an error:
npm ERR! peer dep missing: ajv@^6.0.0, required by ajv-keywords@3.2.0

Reproduction Steps

mkdir test
cd test
npm init # set description and repo to avoid extra warnings
npm i semantic-release@10 # has warnings, can be ignored
npm i eslint # creates the issue

Details

Important note! If the packages are installed in the reverse order, then the issue does not occur.

mkdir test
cd test
npm init # set description and repo to avoid extra warnings
npm i eslint # no issue
npm i semantic-release@10

npm ls after this is fine, no complaints.

This gist contains the final package.json, and the resulting broken and working package-lock.json files.

Platform Info

$ npm --versions

{ node: '8.11.1',
  npm: '6.2.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  nghttp2: '1.25.0',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.50',
  zlib: '1.2.11' }

$ node -p process.platform
darwin

(Christopher Currie) #2

Turns out this is even easier to repro than I thought. Move eslint to dev dependencies, and the issue appears with just npm install in a clean directory. Put both in the same dependency section and it goes away. I presume npm is installing dependencies before devDependencies, but alphabetical within a section.


(system) #4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.