fix: Remove lock file if old version format (#22711)

Remove the package-lock.json file
if it is made with lockfileVersion
1 or 2 as else there are conflicts
when using new npm version.

Fixes #22676

Author: caalador

flow-server/src/main/java/com/vaadin/flow/server/frontend/TaskRunNpmInstall.java

@@ -15,7 +15,9 @@
  */
 package com.vaadin.flow.server.frontend;
 
+import java.io.BufferedReader;
 import java.io.File;
+import java.io.FileReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;
@@ -27,6 +29,8 @@
 import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.function.Consumer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import org.apache.commons.io.FileUtils;
@@ -516,6 +520,8 @@ private void createNpmRcFile() throws IOException {
     }
 
     private void cleanUp() throws ExecutionFailedException {
+        verifyPackageLockAndClean();
+
         if (!options.getNodeModulesFolder().exists()) {
             return;
         }
@@ -543,6 +549,53 @@ private void cleanUp() throws ExecutionFailedException {
         }
     }
 
+    /**
+     * Check the lockfile lockversion to see if it is compatible with the used
+     * npm version. If the lockfile is too old delete it.
+     */
+    protected void verifyPackageLockAndClean() {
+        File packageLockFile = packageUpdater.getPackageLockFile();
+        if (!options.isEnablePnpm() && packageLockFile.exists()) {
+            boolean removeLockfile = false;
+            try (BufferedReader br = new BufferedReader(
+                    new FileReader(packageLockFile))) {
+                String line;
+                while ((line = br.readLine()) != null) {
+                    if (line.contains("\"lockfileVersion\"")) {
+                        int lockfileVersion = getLockfileVersion(line);
+                        removeLockfile = lockfileVersion != 3;
+                        break;
+                    }
+                }
+            } catch (IOException e) {
+                // NO-OP
+                packageUpdater.log()
+                        .debug("Failed to read the package-lock.json file.", e);
+            }
+            if (removeLockfile) {
+                packageUpdater.log().info(
+                        "Removing package-lock.json as it has the wrong lockfileVersion.");
+                try {
+                    FileUtils.delete(packageLockFile);
+                } catch (IOException e) {
+                    // NO-OP
+                    packageUpdater.log().warn(
+                            "Exception handling the package-lock.json file.",
+                            e);
+                }
+            }
+        }
+    }
+
+    private static int getLockfileVersion(String line) {
+        Matcher matcher = Pattern.compile("\"lockfileVersion\"\\s*:\\s*(\\d+)")
+                .matcher(line);
+        if (matcher.find()) {
+            return Integer.parseInt(matcher.group(1));
+        }
+        return -1;
+    }
+
     private void deleteNodeModules(File nodeModulesFolder)
             throws ExecutionFailedException {
         try {

flow-server/src/test/java/com/vaadin/flow/server/frontend/TaskRunNpmInstallTest.java

@@ -590,4 +590,133 @@ void deleteDirectory(File dir) throws IOException {
                 .map(Path::toFile).forEach(File::delete);
     }
 
+    @Test
+    public void verifyPackageLockAndClean_lockfileVersion3_fileNotRemoved()
+            throws IOException {
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        String packageLockContent = """
+                {
+                  "name": "test-project",
+                  "version": "1.0.0",
+                  "lockfileVersion": 3,
+                  "requires": true,
+                  "packages": {}
+                }
+                """;
+        FileUtils.write(packageLockFile, packageLockContent,
+                StandardCharsets.UTF_8);
+
+        task.verifyPackageLockAndClean();
+
+        Assert.assertTrue(
+                "package-lock.json with version 3 should not be removed",
+                packageLockFile.exists());
+    }
+
+    @Test
+    public void verifyPackageLockAndClean_lockfileVersion2_fileRemoved()
+            throws IOException {
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        String packageLockContent = """
+                {
+                  "name": "test-project",
+                  "version": "1.0.0",
+                  "lockfileVersion": 2,
+                  "requires": true,
+                  "packages": {}
+                }
+                """;
+        FileUtils.write(packageLockFile, packageLockContent,
+                StandardCharsets.UTF_8);
+
+        task.verifyPackageLockAndClean();
+
+        Assert.assertFalse("package-lock.json with version 2 should be removed",
+                packageLockFile.exists());
+    }
+
+    @Test
+    public void verifyPackageLockAndClean_lockfileVersion1_fileRemoved()
+            throws IOException {
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        String packageLockContent = """
+                {
+                  "name": "test-project",
+                  "version": "1.0.0",
+                  "lockfileVersion": 1,
+                  "requires": true,
+                  "dependencies": {}
+                }
+                """;
+        FileUtils.write(packageLockFile, packageLockContent,
+                StandardCharsets.UTF_8);
+
+        task.verifyPackageLockAndClean();
+
+        Assert.assertFalse("package-lock.json with version 1 should be removed",
+                packageLockFile.exists());
+    }
+
+    @Test
+    public void verifyPackageLockAndClean_withSpaces_correctlyParsed()
+            throws IOException {
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        String packageLockContent = """
+                {
+                  "name": "test-project",
+                  "version": "1.0.0",
+                  "lockfileVersion"  :  3,
+                  "requires": true,
+                  "packages": {}
+                }
+                """;
+        FileUtils.write(packageLockFile, packageLockContent,
+                StandardCharsets.UTF_8);
+
+        task.verifyPackageLockAndClean();
+
+        Assert.assertTrue(
+                "package-lock.json with version 3 (with spaces) should not be removed",
+                packageLockFile.exists());
+    }
+
+    @Test
+    public void verifyPackageLockAndClean_pnpmEnabled_fileNotChecked()
+            throws IOException {
+        options.withEnablePnpm(true);
+        task = createTask(new ArrayList<>());
+
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        String packageLockContent = """
+                {
+                  "name": "test-project",
+                  "version": "1.0.0",
+                  "lockfileVersion": 2,
+                  "requires": true,
+                  "packages": {}
+                }
+                """;
+        FileUtils.write(packageLockFile, packageLockContent,
+                StandardCharsets.UTF_8);
+
+        task.verifyPackageLockAndClean();
+
+        Assert.assertTrue(
+                "package-lock.json should not be checked when pnpm is enabled",
+                packageLockFile.exists());
+    }
+
+    @Test
+    public void verifyPackageLockAndClean_noLockfile_doesNotThrow() {
+        File packageLockFile = new File(npmFolder, "package-lock.json");
+        Assert.assertFalse("package-lock.json should not exist",
+                packageLockFile.exists());
+
+        // Should not throw any exception
+        task.verifyPackageLockAndClean();
+
+        Assert.assertFalse("package-lock.json should still not exist",
+                packageLockFile.exists());
+    }
+
 }