[BUG] npm i -w <ws> <dep> sets dependency version to * in package-lock.json

[legastero]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

Using npm install -w <workspace> <dep>, where <dep> does not include an @ version, then the generated package-lock.json updates the dependencies for <workspace> as <dep>@*.

The dependency version is always correctly set in the workspace's package.json.

If you use npm i -w <workspace> <dep>@latest or any specific tag/version, then things behave as expected.

Expected Behavior

The version of <dep> for <workspace> in package-lock.json should be set to the version that got installed.

Steps To Reproduce

1. In a repo with this layout:

- package.json
- workspaces/
  - a/
    - package.json

and where the root package.json looks like:

{
  "name": "test-npm",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "workspaces": ["workspaces/*"]
}

and workspaces/a/package.json looks like:

{ 
  "name": "a",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
} 

2. Using npm 8.19.2 (or even 9.0.0-pre.2)
3. Run npm i -w a react
4. Open generated package-lock.json and see:

  "dependencies": {
    "a": {
      "version": "file:workspaces/a",
      "requires": {
        "react": "*"
      }
    },

whereas workspaces/a/package.json was updated to be:

{
  "name": "a",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "react": "^18.2.0"
  }
}

5. If you run npm i a second time, then the package-lock.json updates to appear as originally expected:

  "dependencies": {
    "a": {
      "version": "file:workspaces/a",
      "requires": {
        "react": "^18.2.0"
      }
    },

Environment

• npm: both v8.19.2 and v9.0.0-pre.2
• Node.js: v16.14.2
• OS Name: macOS
• System Model Name: MacBook Pro
• npm config:

; "user" config from /Users/lance/.npmrc

//registry.npmjs.org/:_authToken = (protected) 

; node bin location = /Users/lance/.nvm/versions/node/v16.14.2/bin/node
; node version = v16.14.2
; npm local prefix = /Users/lance/Developer/test-npm
; npm version = 8.19.2
; cwd = /Users/lance/Developer/test-npm
; HOME = /Users/lance
; Run `npm config ls -l` to show all defaults.```