npm install removes resolved and integrity properties from package-lock.json if installed from cache #4263

Open
2 tasks done
SymbioticKilla opened this issue Jan 19, 2022 · 20 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release

Comments

@SymbioticKilla

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

If you run npm install with an existing package cache inside "node_modules", it creates package-lock.json without "resolved" and "integrity" properties.

Expected Behavior

"resolved" and "integrity" properties should remain after npm install using cache from "node_modules" folder

Steps To Reproduce

1.) Run npm install
2.) package-lock.json is created
3.) node modules are cached inside the project folder under "node_modules" folder
4.) delete package-lock.json and delete one package from "node_modules" folder
5.) Run npm install
6.) package-lock.json is created, but "resolved" and "integrity" properties are removed from each package description inside package-lock.json

Environment

  • npm: 8.1.2
  • Node.js: 16.3.2
  • OS Name: Windows 10
  • System Model Name:
  • npm config:
; copy and paste output from `npm config ls` here
@SymbioticKilla SymbioticKilla added Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release labels Jan 19, 2022
@giovannipds

giovannipds commented Feb 24, 2022

In my case, it removes the resolved entry for a company's remote repository, causing the CI pipeline to fail.

  • npm 8.1.3
  • node v16.3.0
  • Mac OS

@ljharb
Collaborator

ljharb commented Feb 25, 2022

@giovannipds what about with npm v8.5.2?

@giovannipds

@ljharb thanks for interacting. In my case, the issue was in my repository config, it was misconfigured, that's why my resolveds were being removed. Probably not related to what this ticket is about. What fixed it for me:

npm config set registry #YOUR_COMPANY_REGISTRY_URL

olizilla added a commit to web3-storage/web3.storage that referenced this issue Apr 19, 2022
bring back lost `resolved` and `integrity` properties

see: npm/cli#4263

License: (Apache-2.0 AND MIT)
Signed-off-by: Oli Evans <oli@tableflip.io>
@vmasek

vmasek commented Jul 3, 2022

I managed to get a proper package-lock.json (with integrity and resolved fields) after:

  • cleaning the npm cache: npm cache clean -f
  • removing node_modules in project folder
  • removing the package-lock.json file
  • running npm install in now "clean" project folder

@aarowman

Just ran into this issue on npm 8.19.2 with node v18.12.1.

Cleared the cache and re-ran npm install (slow), then it was ok

@cdpark0530

I encountered the same issue with nodejs 16.19.1 and npm 8.19.3

@daksh-sagar

encountered the same issue with node 14.18.0 and npm 8.19.3

@sorgloomer

Happened on npm v9.5.0 too. vmasek's workaround worked.

@kfayelun

kfayelun commented Jul 5, 2023

We also get this. Repeatedly. And it breaks our CI. Started after we updated to new versions of node and npm recently I think, but I see others get it on older versions as well. I'm not 100% sure if that is what caused it, as we have refactored a lot of stuff lately.
Current versions:
Node: 18.16.0
npm: 9.6.7
old versions:
Node: 16.5.1
npm: not sure unfortunately, but v8.x.x something

Only workaround is @vmasek's workaround above. Would love to not have to delete package-lock.json the whole time, any idea what's causing this or if/when it will be fixed?

@rbell-mfj

For those who dislike the idea of unlocking and potentially version-bumping a ton of dependencies by deleting package-lock, here's a variant of the workaround above that seems to have worked for us:

  1. Delete node_modules folder
  2. Restore package-lock.json from a recent commit prior to the undesired property removal (but keep the existing package.json version)
  3. Run npm install

This should preserve the locked versions of any packages that were already installed prior to the corruption of package-lock, while ensuring anything newer based on package.json also gets installed/updated.

@Rapol

Rapol commented Sep 7, 2023

I had this happen to me during npm solving merge conflicts with npm-merge-driver. Similarly to @rbell-mfj, I restored package-lock.json before merge conflict resolution, applied the updates manually, integrity and resolved were kept.

@LendaVadym

I faced the same problem with node 18.12.1 and npm 8.19.2
Had to do actions proposed by vmasek to resolve the problem.

@felschr

felschr commented Oct 16, 2023

While this problem persists, npm-lockfile-fix provides an easy way to fix lock files without having to delete & regenerate them. It's less problematic since it doesn't cause any dependency updates.

Also it seems that these are duplicates or related issues: #4460 #6301

@paulschreiber

Seeing this with node 20.9.0 and NPM 10.2.1. Workaround from vmasek worked for me, too.

@Laurensdc

Also seeing this in node 18.18.2 and npm 9.8.1

Desplandis added a commit to Desplandis/itowns that referenced this issue Dec 5, 2023
Caused by an issue of command npm install (see npm/cli#4263).
Introduced by commit a841343
Desplandis added a commit to iTowns/itowns that referenced this issue Dec 5, 2023
Caused by an issue of command npm install (see npm/cli#4263).
Introduced by commit a841343
eseidel added a commit to shorebirdtech/website that referenced this issue Jan 25, 2024
* chore: add sitemap

Google search console suggested we do this?  No clue if it's
a good idea or worth doing.

* Include sitemap in layout.astro

* chore: run npm upgrade

Attempting to appease the npm gods.

* workaround npm/cli#4263

* Run npm format
AnthonyGlt pushed a commit to AnthonyGlt/itowns that referenced this issue Feb 22, 2024
Caused by an issue of command npm install (see npm/cli#4263).
Introduced by commit a841343
@CommanderOfCode

CommanderOfCode commented Feb 23, 2024

I wonder if the npm team will ever pick this issue up? It's still happening.

@GMartigny

Had this issue today, solved it by running npm cache clear --force (not sure if this was useful) and npm update.

@klausbadelt

.. solved it with ... npm update.

npm update, or deleting package-lock.json then npm install, IMHO defeats the purpose of package-lock.json and can cause issues downstream (different dependency versions, failing tests, failing deploys, bugs...).
We have package-lock.json change 'randomly' after npm install from different developers. All on the same (at least major) version, causing CI delays (busted cache). Would love to see this solved.

@klausbadelt

.. solved it with ... npm update.

npm update, or deleting package-lock.json then npm install, IMHO defeats the purpose of package-lock.json and can cause issues downstream (different dependency versions, failing tests, failing deploys, bugs...).
We have package-lock.json change 'randomly' after npm install from different developers. All on the same (at least major) version, causing CI delays (busted cache).
So, our problem is similar albeit not related to deleting package-lock.json (which we do not recommend ever anyway): Subsequent npm installs on different machines change package-lock.json "resolved" and "integrity" entries. Would love to see this solved.

@sorgloomer

.. solved it with ... npm update.

npm update, or deleting package-lock.json then npm install, IMHO defeats the purpose of package-lock.json and can cause issues downstream (different dependency versions, failing tests, failing deploys, bugs...). We have package-lock.json change 'randomly' after npm install from different developers. All on the same (at least major) version, causing CI delays (busted cache). So, our problem is similar albeit not related to deleting package-lock.json (which we do not recommend ever anyway): Subsequent npm installs on different machines change package-lock.json "resolved" and "integrity" entries. Would love to see this solved.

This might be a dumb suggestion, but couldn't you just ask your developers not to change the package-lock? For example, tell them to use npm ci on their dev machines instead of npm install unless they are intentionally updating packages.
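
An added example, not part of the thread and not npm's own code: a check a CI job could run to catch the symptom reported in this issue, lockfile entries that have lost `resolved` or `integrity` (the hash npm verifies the downloaded tarball against). It assumes the lockfileVersion 2/3 `packages` layout and that git dependencies carry no `integrity`; `findUnpinned`, `SAMPLE_LOCK` and the `example.test` URLs are constructed for illustration.

```javascript
// Added example: report package-lock.json entries missing "resolved" or "integrity".
// Assumption: lockfileVersion 2/3, i.e. a top-level "packages" map keyed by install path.
function findUnpinned(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The root project ("") and workspace source folders are never fetched from a registry.
    if (path === "" || !path.includes("node_modules/")) continue;
    // Workspace symlinks and bundled dependencies legitimately carry neither field.
    if (entry.link || entry.inBundle) continue;
    const missing = [];
    if (!entry.resolved) missing.push("resolved");
    // Assumption: git dependencies are pinned by commit in "resolved" and have no hash.
    const isGit = /^git\+/.test(entry.resolved || "");
    if (!isGit && !entry.integrity) missing.push("integrity");
    if (missing.length > 0) findings.push({ path, version: entry.version, missing });
  }
  return findings;
}

// Constructed sample lockfile (not taken from the issue).
const SAMPLE_LOCK = {
  name: "demo",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/intact": {
      version: "1.2.3",
      resolved: "https://registry.example.test/intact/-/intact-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/stripped": { version: "2.0.0" }, // the state described in this issue
    "node_modules/half": {
      version: "0.1.0",
      resolved: "https://registry.example.test/half/-/half-0.1.0.tgz",
    },
    "node_modules/gitdep": {
      version: "1.0.0",
      resolved: "git+ssh://git@example.test/org/gitdep.git#0000000",
    },
    "node_modules/ws-a": { resolved: "packages/ws-a", link: true },
    "packages/ws-a": { name: "ws-a", version: "1.0.0" },
    "node_modules/host/node_modules/inner": { version: "3.0.0", inBundle: true },
  },
};

const SAMPLE_FINDINGS = findUnpinned(SAMPLE_LOCK);
for (const f of SAMPLE_FINDINGS) {
  console.log(`${f.path}@${f.version}: missing ${f.missing.join(", ")}`);
}
```

In a pipeline, parse the committed package-lock.json, pass it to `findUnpinned`, and fail the job when the result is non-empty.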
