[BUG] npm install produces incomplete package-lock.json when ERESOLVE overrides peer deps (npm ci fails immediately after)

[scarytom]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

npm install (from scratch, no existing lock file) succeeds and installs all packages into node_modules, but writes a package-lock.json that is missing transitive dependency entries.

Running npm ci immediately afterwards fails with "Missing: [package] from lock file" for dozens of packages.

The missing packages are all transitive dependencies of packages whose resolution involved ERESOLVE peer dependency overrides (visible as "npm warn ERESOLVE overriding peer dependency" during install).

Running npm install --package-lock-only after the initial npm install produces a correct and complete lock file that npm ci accepts. This proves the resolver can produce the correct output — the bug is in the lock file writer during a full install.

Expected Behavior

npm install should produce a package-lock.json that is immediately usable by npm ci without requiring a separate --package-lock-only pass.

Steps To Reproduce

1. Run:

docker run --rm node:24-trixie bash -c "
  mkdir /work && cd /work &&
  echo '{\"name\":\"repro\",\"private\":true,\"devDependencies\":{\"@aws-amplify/backend\":\"1.21.1\"}}' > package.json &&
  npm install &&
  npm ci
"

npm ci fails with "Missing: json-schema-to-ts@3.1.1 from lock file" and ~100 other missing packages.

Workaround:
Insert npm install --package-lock-only between npm install and npm ci. This regenerates a complete lock file in ~3 seconds.

Environment

• npm: 11.12.1 (also reproduced on 10.x and 11.14.1)
• Node.js: 24.x (node:24-trixie docker image)
• OS Name: Linux (Debian Trixie in Docker)
• System Model Name: N/A (Docker container)
• npm config: default (no .npmrc)