[BUG] `npm install` removes resolved and integrity fields

Question

[BUG] `npm install` removes resolved and integrity fields

targos opened this issue a year ago · 15 comments

targos commented a year ago

Is there an existing issue for this?

I have searched the existing issues

This issue exists in the latest npm version

I am using the latest npm

Current Behavior

Sometimes, when npm updates the package-lock.json after a npm install, it replaces some of the "resolved" and "integrity" fields with "license".

Example:

Expected Behavior

npm install should not randomly change the schema of the lockfile.

Steps To Reproduce

I'm still trying to figure out reproduction steps. I think the bug is related to the state of node_modules when npm install is executed.

Environment

npm: 9.5.0
Node.js: v18.15.0
OS Name: macOS 13.3
System Model Name: Macbook Pro M2
npm config:

; "user" config from /Users/mzasso/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; "project" config from /project/.npmrc

lockfile-version = "3"

Answer 1 · 2023-03-30T19:34:15.000Z

We've seen this before but never had a reproduction case for it. That would go a long way to fixing this.