npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

package-lock.json version does not match package.json

when running an npm install, a package-lock.json file is generated with a mismatched version number. package.json version number is 0.0.0--ignored while package-lock.json is 0.0.1. i wouldn’t expect the package lock to pick up the note at the end of the version, but i would expect it to at least not increment unexpectedly.

$ npm --versions
{ 'repo': '0.0.0--ignored',
  npm: '6.8.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.1',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '',
  zlib: '1.2.11' }
$ node -p process.platform

omitting the version field (for a non-publishing project) might be the right way to do this now that i think about it. npm and yarn and their lock files seem to behave okay when it’s missing, and it communicates the intent that this project isn’t governed by semver.