[BUG] 6.x update inconsistent

[TysonMN]

npm update is not consistent for me. Sometimes it updates one dependency, sometimes it updates another dependency, and sometimes it updates no dependencies.

Steps To Reproduce

1. Checkout this commit
2. Open a terminal in the root of the repository
3. Execute cd .codedoc
4. Execute npm update
5. Consider discarding all changed files
6. Go to step 4

At that commit, the contents of my package.json file is

{
  "dependencies": {
    "@codedoc/coding-blog-plugin": "^0.1.10",
    "@codedoc/core": "^0.2.10"
  },
  "devDependencies": {
    "source-map-loader": "^1.0.0"
  }
}

Both of my non-dev dependencies have updates available.

Expected Behavior

I expected executing npm in step 4 to update both of my non-dev dependencies to their latest versions.

Current Behavior

The behavior of step 4 is inconsistent. Here are two sequential executions of npm update.

twilliams@EDMONDS MINGW64 /c/Code/Blogs/tyson-williams-blog/.codedoc ((51e6d29...))
$ npm update
npm WARN ts-loader@6.2.2 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN .codedoc No description
npm WARN .codedoc No repository field.
npm WARN .codedoc No license field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules\watchpack-chokidar2\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ @codedoc/coding-blog-plugin@0.1.11
removed 1 package, updated 47 packages and audited 599 packages in 10.801s

10 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


twilliams@EDMONDS MINGW64 /c/Code/Blogs/tyson-williams-blog/.codedoc ((51e6d29...))
$ npm update
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN notsup Unsupported engine for watchpack-chokidar2@2.0.0: wanted: {"node":"<8.10.0"} (current: {"node":"12.18.0","npm":"6.14.7"})
npm WARN notsup Not compatible with your version of node/npm: watchpack-chokidar2@2.0.0
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.1.2 (node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules\watchpack-chokidar2\node_modules\chokidar\node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
npm WARN ts-loader@6.2.2 requires a peer of typescript@* but none is installed. You must install peer dependencies yourself.
npm WARN .codedoc No description
npm WARN .codedoc No repository field.
npm WARN .codedoc No license field.

+ @codedoc/core@0.2.11
added 1 package from 1 contributor, updated 45 packages and audited 600 packages in 19.735s

5 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Then I discard all changes via git and executed npm update again. This time, nothing happened.

twilliams@EDMONDS MINGW64 /c/Code/Blogs/tyson-williams-blog/.codedoc ((51e6d29...))
$ npm update

That is what usually happened. I was surprised when npm update actually updated something. Those two executions above are the only times that executing npm update ever did anything for me.

Related Issues

#708 is also about npm update not doing anything, but the conclusion there seems to be that the caret (^) symbol wasn't being used in the package versions. My package versions do include that symbol, so I don't think that issue covers this situation.

Environment

• OS: WIndow 10
• Node: 12.18.0
• NPM: 6.14.7

[darcyclarke]

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.