package-lock.json missing resolved & integrity fields #526

Closed
felschr opened this issue Jul 14, 2023 · 7 comments · Fixed by #527 or #590

felschr commented Jul 14, 2023

Hi, while trying to package protoc-gen-es for nixpkgs, I've run into the issue that the package-lock.json doesn't contain any resolved & integrity fields: NixOS/nixpkgs#243432 (comment)
These fields should exist according to the docs: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json

This can likely be fixed by regenerating the lock file from scratch and/or updating to newer versions of npm.

felschr changed the title from "broken package-lock.json" to "package-lock.json missing resolved & integrity fields" Jul 14, 2023
smaye81 added a commit that referenced this issue Jul 14, 2023
Fixes #526.

This follows the advice specified in
npm/cli#6301 for regenerating a
package-lock.json file by removing node_modules and package-lock.json.

It appears there is an open issue where resolved and integrity fields
are removed at times when the above steps are not followed.

This also pins `@types/node` to all patch versions as upgrading the
major/minor version causes issues in our TypeScript compatibility test
since `@types/node` dropped support for v4.1 and Protobuf-ES still
supports it.

Note that while this fixes the file with this PR, we cannot guarantee
that this won't occur again due to the open issue with npm.

felschr commented Oct 6, 2023

So, this happened again.
I found this project (and improved it) that adds missing resolved & integrity fields to a package-lock.json without having to delete & regenerate it entirely:
https://github.com/jeslie0/npm-lockfile-fix

Maybe you could add that to a pre-commit hook or something to make sure the lockfile is valid.

felschr commented Oct 15, 2023

Just noticed some cases that npm-lockfile-fix didn't cover yet and fixed them in jeslie0/npm-lockfile-fix#3

felschr commented Oct 15, 2023

Another issue I noticed is that some optionalDependencies like @bufbuild/buf-linux-x64 don't have entries in the package-lock.json anymore starting with v1.3.2.
The lock file should include resolved versions for all dependencies including optional ones.
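
Added example, not part of this thread and not code from protobuf-es or npm-lockfile-fix: a check of the kind suggested above for a pre-commit hook, reporting lockfile entries that lack resolved or integrity and optionalDependencies that have no lockfile entry. The function names, the sample lockfile and the rules for which entries are exempt are assumptions.

```javascript
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Find the lockfile entry a dependency resolves to by walking up the
// nested node_modules folders. Returns null when no entry exists.
function findDep(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (has(packages, candidate)) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Audit the "packages" map of a lockfileVersion 2/3 package-lock.json.
function auditLockfile(lock) {
  const packages = lock.packages || {};
  const problems = [];
  for (const [key, entry] of Object.entries(packages)) {
    for (const name of Object.keys(entry.optionalDependencies || {})) {
      if (findDep(packages, key, name) === null) {
        problems.push({ path: key, issue: "optional dependency not locked: " + name });
      }
    }
    // Assumption: the root, workspace folders, workspace links and bundled
    // copies are not fetched on their own, so they carry neither field.
    // Every other entry is treated as a registry tarball; git dependencies
    // would need an exemption from the integrity check.
    if (!key.includes("node_modules/") || entry.link || entry.inBundle) continue;
    if (!entry.resolved) problems.push({ path: key, issue: "missing resolved" });
    if (!entry.integrity) problems.push({ path: key, issue: "missing integrity" });
  }
  return problems;
}

// Constructed sample: versions, URL and hash are placeholders.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo", workspaces: ["packages/app"] },
  "packages/app": { name: "app", version: "0.0.0" },
  "node_modules/app": { resolved: "packages/app", link: true },
  "node_modules/@bufbuild/buf": { version: "0.0.0",
    resolved: "https://registry.example/buf-0.0.0.tgz", integrity: "sha512-PLACEHOLDER",
    optionalDependencies: { "@bufbuild/buf-linux-x64": "0.0.0" } },
  "node_modules/typescript": { version: "0.0.0" },
} };
console.log(auditLockfile(sampleLock));
```

In a hook, parse package-lock.json with JSON.parse, pass the result to auditLockfile and exit non-zero when the returned list is not empty.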

felschr commented Oct 15, 2023

@smaye81 can we reopen this issue or should I create a new one?

smaye81 commented Oct 15, 2023

Let's just reopen this one. I have a feeling this will happen again and don't want a proliferation of issues. I'll update the description.

smaye81 reopened this Oct 15, 2023

smaye81 commented Oct 15, 2023

Actually let's also open a second issue for investigation into whether this can be fixed permanently. We'll regenerate the lock files in the meantime and associate that to this PR.

smaye81 added a commit that referenced this issue Oct 16, 2023
Fixes #526 

See the linked issue for context. This is a regeneration of the
package-lock file in the same vein as
#527

felschr commented Oct 16, 2023

npm issues that track the problem of missing integrity & resolved fields:
npm/cli#4263, npm/cli#4460, npm/cli#6301
