Successive npm installs resulting in slight differences in lockfile (npm@5)
Copying (and editing) from https://github.com/npm/npm/issues/16728. I’m not the original reporter, but this bug affects a project I care about so I’m moving the bug report to the current issue tracker.
What I Wanted to Do
I started with a package_lock.json which was copied from an old npm_shrinkwrap.json - it was updated when I ran `npm install` with a clean node_modules directory.
Then I git committed and pushed the changed lockfile.
Then I ran `npm install` again, expecting no changes
What Happened Instead
…and there were a few slight changes to the lockfile.
package.json dependencies: https://gist.github.com/thomblake/29fa300ba7a701696f4eefdb2d4ab8ae
package_lock.json after first install: https://gist.github.com/thomblake/7d5dc1f9d5f32ce22f2a9a3b6a5f2adf
package_lock.json after second install: https://gist.github.com/thomblake/fa0c351f01ec17ec3cde5e22ef6388dd
diff between lockfiles: https://gist.github.com/thomblake/65ac6f2c30e7289b520149519f1c2b49
`npm config get registry` prints:
- Windows, OS X/macOS, or Linux?: OS X
- Network issues:
- Geographic location where npm was run: San Leandro, CA
$ npm --versions
<!-- paste output here -->
$ node -p process.platform
<!-- paste output here -->
Subsequent conversation in the original issue suggests that this may have been fixed, but there was some uncertainty. I don’t see the issue with firstname.lastname@example.org, so maybe it was fixed in that release line. I still get shrinkwrap file changes using email@example.com though. Bug or simple breaking change between versions of npm?
5.0.0 had a lot of these issues. Can you post the repro with 6.4.0? I assume it’s different things changing. We’re working on hunting down the last few cases of this. I think some npm@6 changes related to stabilizing the lockfile ended up causing a regression with some types of specs.
I’d also be interested if you can reproduce this by doing `$ rm -rf node_modules package-lock.json` (yes, both!) and doing a fresh install.
Repro with npm 6.4.0 would be the `npm-shrinkwrap.json` file at https://github.com/moodle/moodle/tree/8df868e9e0dc684c9746c91b2fa7ff21417264d4.
No changes to `npm-shrinkwrap.json` with firstname.lastname@example.org, but changes with email@example.com.
npm-shrinkwrap.json did not change the results.
Wanted to upload the two relevant files to minimize friction for everyone else, but I’m being told new users can only upload one file per post. So here’s the shrinkwrap file:
npm-shrinkwrap.json (203.8 KB)
And here’s the package.json:
package.json (681 Bytes)
Aha, yes. That diff is expected. When you cross the `npm@6` boundary, there’s a single big diff due to that change that we did precisely so we would get fewer diffs going forward. So just do one `npm i` with 6 and it should be good from there!
Cool. So, previous bug in npm@5 has been fixed. And diff with npm@6 is not a bug. Thanks!
It was one of the breaking changes for `npm@6`, yeah. See the FORMAT CHANGES section here: