Skip to content
This repository has been archived by the owner. It is now read-only.

`npm install` modifies `package-lock`! (changes resolved url protocol!) #20106

Open
ggarek opened this issue Mar 20, 2018 · 3 comments

Comments

Projects
None yet
5 participants
@ggarek
Copy link

commented Mar 20, 2018

I'm opening this issue because:

  • npm is crashing.
  • npm is producing an incorrect install.
  • npm is doing something I don't understand.
  • Other (see below for feature requests):

What's going wrong?

npm install modifies package-lock.js, a package url protocol is being changes https -> http! 😱

➜ npm i
up to date in 9.829s
diff --git a/package-lock.json b/package-lock.json
index 48b5fca..14aaf49 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -660,7 +660,7 @@
         },
         "cacache": {
           "version": "10.0.4",
-          "resolved": "https://registry.npmjs.org/cacache/-/cacache-10.0.4.tgz",
+          "resolved": "http://registry.npmjs.org/cacache/-/cacache-10.0.4.tgz",
           "integrity": "sha512-Dph0MzuH+rTQzGPNT9fAnrPmMmjKfST6trxJeK7NQuHRaVw24VzPRWTmg9MpcwOVQZO0E1FBICUlFeNaKPIfHA==",
           "dev": true,
           "requires": {

How can the CLI team reproduce the problem?

supporting information:

  • npm -v prints: 5.7.1
  • node -v prints: v8.9.3
  • npm config get registry prints: https://registry.npmjs.org/
  • Windows, OS X/macOS, or Linux?: macOS
  • Network issues:
    • Geographic location where npm was run:
    • I use a proxy to connect to the npm registry.
    • I use a proxy to connect to the web.
    • I use a proxy when downloading Git repos.
    • I access the npm registry via a VPN
    • I don't use a proxy, but have limited or unreliable internet access.
  • Container:
    • I develop using Vagrant on Windows.
    • I develop using Vagrant on OS X or Linux.
    • I develop / deploy using Docker.
    • I deploy to a PaaS (Triton, Heroku).

@KenanY KenanY added the npm5 label Mar 20, 2018

@tlaak

This comment has been minimized.

Copy link

commented Mar 23, 2018

I noticed the same problem with npm 5.7.1 and node 9.8.0 but haven't been able to reproduce it after upgrading npm to 5.8.0

@XhmikosR

This comment has been minimized.

Copy link

commented Apr 5, 2018

I'm hitting this with npm 5.6.0 that ships with node.js 8 LTS.

If this is a fixed issue, the fix should be backported or update npm for the LTS releases too.

@yurivyatkin

This comment has been minimized.

Copy link

commented Apr 24, 2018

I experienced this issue for npm 5.8.0, node v8.9.4. (I've just upgraded npm to resolve the integrity issue, but then the resolved url's began changing randomly).

The problem has been solved after performing the steps from #16938 (comment) :

$ rm -rf node_modules/
$ npm cache clean --force
(Revert the changes in your package-lock.json file)
$ npm i

I hope this may help to someone.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.