[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" #1693

kokarn · 2020-08-19T07:07:15Z

Current Behavior:

Empties everything except name from package.json & package-lock.json

$ npm dedupe
removed 1925 packages in 28s

package.json

{
  "name": "dedupe"
}

Expected Behavior:

Dedupe should dedupe, maybe with smaller changes?

Steps To Reproduce:

Pretty basic react app with the following package.json

{
  "name": "dedupe-test",
  "version": "0.1.0",
  "private": true,
  "dependencies": {
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.5.0",
    "@testing-library/user-event": "^7.2.1",
    "got": "^11.5.1",
    "history": "^5.0.0",
    "react": "^16.13.1",
    "react-dom": "^16.13.1",
    "react-router-dom": "^5.2.0",
    "react-scripts": "^3.4.1",
    "victory": "^35.0.8"
  },
  "scripts": {
    "ci-test": "echo \"works\""
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  },
  "devDependencies": {
    "husky": "^4.2.5"
  },
  "husky": {
    "hooks": {
      "pre-commit": "npm run ci-test",
      "pre-push": "npm run ci-test"
    }
  }
}

npm install
npm update
npm dedupe

Environment:

OS: macOS 10.15.6
Node: 14.7.0
NPM: 7 beta 5

The text was updated successfully, but these errors were encountered:

isaacs · 2020-08-20T23:17:08Z

Same root cause as #1690. Will be fixed in next update.

- Load root project `package.json` when running loadVirtual. Fix: #1690 Fix: #1693 - Fetch metadata from registry when loading tree from outdated package-lock.json file. This avoids a situation where a lockfile or shrinkwrap from npm v5 would result in deleting dependencies on install. - Preserve `package.json` and `package-lock.json` formatting in all places where these files are written. Fix: #1662

isaacs · 2020-08-23T20:20:41Z

Fixed in latest v7 beta. Thanks!

kokarn added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Aug 19, 2020

kokarn changed the title ~~[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json~~ [BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes project name to "dedupe" Aug 19, 2020

kokarn changed the title ~~[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes project name to "dedupe"~~ [BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" Aug 19, 2020

isaacs closed this as completed Aug 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" #1693

[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" #1693

kokarn commented Aug 19, 2020 •

edited

Loading

isaacs commented Aug 20, 2020

isaacs commented Aug 23, 2020

[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" #1693

[BUG] npm dedupe after npm update removes everything in package.json & package-lock.json and changes package name to "dedupe" #1693

Comments

kokarn commented Aug 19, 2020 • edited Loading

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Environment:

isaacs commented Aug 20, 2020

isaacs commented Aug 23, 2020

kokarn commented Aug 19, 2020 •

edited

Loading