lerna --version incorrectly updates package-lock.json generated with npm@7

[TomaszG]

Expected Behavior

Package version should be correctly updated in package-lock.json version 2 with lerna --version command.

Current Behavior

When package-lock.json in version 2 is used (generated by npm@7) then lerna --version command updates only the first (root) version information in the package-lock.json. The information in the packages section of package-lock.json is left with an old version.

{
  "name": "@space/types",
  "version": "1.0.13",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "@space/types",
      "version": "1.0.11",
      "dependencies": {
        "@space/constants": "file:../constants",
        "fp-ts": "^2.9.5",
        "io-ts": "^2.2.14",
        "joi": "^17.4.0"
      }
    },
(...)

Steps to Reproduce (for bugs)

0. Install and use npm@7
1. Create a lerna monorepo with "version": "independent"
2. Add a package, publish it to have an initial version published
3. Make some changes in the package, commit, push
4. Run lerna --version to tag a new version
5. Review pushed changes in package-lock.json

lerna.json

{
  "packages": [
    "packages/*"
  ],
  "version": "independent",
  "command": {
    "publish": {
      "ignoreChanges": [
        "*.md"
      ],
      "registry": "<redacted>"
    }
  }
}

Your Environment

Executable	Version
lerna --version	3.22.1
npm --version	7.6.0
node --version	14.15.0

OS	Version
macOS Catalina	10.15.7

[tex0l]

I can reproduce the issue and I understand what's happening, but I have no solution.

It comes from an inconsistent installation of npm. The version you have in your path differs from the one actually used by lerna in the packages.

I use npm@7.6.3 with node@14.16.0. I installed the node@14 package with Homebrew which initially comes with npm@6.14.11 but updated it with npm i -g npm --force. When I use npm from my shell:

✗ npm --version 
7.6.3

But lerna doesn't use the same binary for npm, it uses the one intially installed with node@14

✗ lerna exec -- npm --version
lerna notice cli v3.22.1
lerna info Executing command in 5 packages: "npm --version"
6.14.11
6.14.11
6.14.11
6.14.11
6.14.11
lerna success exec Executed command in 5 packages: "npm --version"

This is confirmed by test which npm from the shell:

✗ which npm
/usr/local/bin/npm

And from lerna exec:

✗ lerna exec -- which npm    
lerna notice cli v3.22.1
lerna info Executing command in 5 packages: "which npm"
/usr/local/Cellar/node@14/14.16.0_1/bin/npm
/usr/local/Cellar/node@14/14.16.0_1/bin/npm
/usr/local/Cellar/node@14/14.16.0_1/bin/npm
/usr/local/Cellar/node@14/14.16.0_1/bin/npm
/usr/local/Cellar/node@14/14.16.0_1/bin/npm
lerna success exec Executed command in 5 packages: "which npm"

Using lerna info, this is not detected:

✗ lerna info
lerna notice cli v3.22.1

 Environment info:

  System:
    OS: macOS 11.2.3
    CPU: (4) x64 Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz
  Binaries:
    Node: 14.16.0 - /usr/local/bin/node
    Yarn: 1.22.10 - /usr/local/bin/yarn
    npm: 7.6.3 - /usr/local/bin/npm
  Utilities:
    Git: 2.30.0 - /usr/local/bin/git
  npmPackages:
    lerna: ^3.22.1 => 3.22.1 

I didn't find what $PATH lerna exec uses, nor how to configure it to use the same one as the current shell.

[arantes555]

I think the problem with PATH and npm versions described in the comments is completely unrelated to the initially described bug : my lerna uses the correct npm@7, and still only updates one version field when doing lerna version

[tex0l]

@arantes555 You're right, the problem I have with the lockfileVersion in the package-lock.json is a bit different and most certainly unrelated with the initial bug report, I created a separate issue: #2850

[korgon]

I too am encountering this issue with Node 15 and Lerna 4. The versioning in packages section of package-lock.json is left with an old version after running publish. Subsequent attempts to publish after re-running npm install fail due to: lerna ERR! EUNCOMMIT Working tree has uncommitted changes

[kanoshin]

@evocateur could you take a look? This blocks from using lerna version with npm v7. Looks like there is PR with fix already.

[mysterycommand]

Just ran into this issue yesterday. Any update? Anything I can do to help?

[trevor-scheer]

For those interested, we'll be working around this issue soon via this PR

Note the top-level package.json script "version": "npm install"
The lerna version hook allows us to make changes after version updates, but pre-commit. For us, running npm install has no effects besides updating the package-lock.json at the root as expected. YMMV, of course, if you have other hooks implemented around the the native npm install lifecycle i.e. preinstall.

[k-koehler]

I am also having this error breaking my CI/CD pipeline after upgrading to lockfileVersion: 2, causing the following error: npm ERR! Invalid Version in our CI/CD pipeline.

Is there any fix/workaround for this?

[hudochenkov]

@k-koehler I'm using my fix from this PR #2914 with https://github.com/ds300/patch-package

[Magador]

Is the file update-lockfile-version.js at fault ?

lerna/commands/version/lib/update-lockfile-version.js

Lines 16 to 23 in a47fc29

	if (obj) {
	obj.version = pkg.version;
	return writeJsonFile(lockfilePath, obj, {
	detectIndent: true,
	indent: 2,
	}).then(() => lockfilePath);
	}

This seems to only update the package-lock.version property and not package-lock.packages[''].version