npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

package-lock.json registry references keep changing

I have a problem with the registry references in package-lock.json spuriously changing for no apparent reason.

I define a custom registry in my .npmrc file, that proxies to the primary npm registry for most packages, and hosts our internal organization packages at another URL:

... registry auth stuff here...

I find that package-lock.json inconsistently includes either the “correct” registry vs the default registry:

grep -R "" package-lock.json | wc -l

grep -R "" package-lock.json  | wc -l

You might be tempted to posit that the references are from before the .npmrc was configured, but no, you’d be wrong: npm i regularly switches references from TO for apparently no reason at all.

Currently I am using npm 6.4.1.

UPDATE: After receiving no responses here, I migrated to yarn, which has a sane lockfile (understandable and merge-friendly by being ordered consistently), which never changes unless there are real changes.