[BUG] npm install delivers different package-lock second time run with overrides #4939
Labels
Bug: thing that needs fixing
config:overrides: Issues dealing with the overrides feature
Needs Triage: needs review for next steps
Release 8.x: work is associated with a specific npm 8 release
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Recreating your package-lock.json (
rm -rf node_modules package-lock.json; npm i
) then follow it with an
npm i
on a package.json with npm overrides set (https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides) gives you different package-lock.json output (causing git churn for anyone else in your repository).
The same thing happens with running
npm update
on a repository with npm overrides, followed by
npm i
For examples, see the commits at https://github.com/miWatch10/renovate-overrides/pull/4/commits
There are 4 listed:
rm -rf node_modules package-lock.json; npm i
npm i
npm update
npm i
Each of which churns the package-lock.json back and forth. I would expect them to all have the same results (since there were no packages actually changed).
Expected Behavior
Running
npm i
after a rebuild of package-lock.json or after an
npm update
would not change/churn the package-lock.json --- instead would be consistent.
Steps To Reproduce
rm -rf node_modules package-lock.json; npm i
npm i
Or
npm update
npm i
Environment
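One way to see exactly which entries churn between two of the runs listed in the issue, as an added example that is not part of the original report or of npm's code: it compares the `packages` maps of two parsed package-lock.json files (lockfileVersion 2 or 3). The function names and the sample lockfile contents are constructed for illustration and are not taken from the linked commits.

```javascript
'use strict';

// Fields of a lockfile "packages" entry that decide what actually gets installed.
const TRACKED = ['version', 'resolved', 'integrity', 'dependencies'];

// Stable serialisation so that key order alone never counts as a change.
function canon(value) {
  if (Array.isArray(value)) return `[${value.map(canon).join(',')}]`;
  if (value && typeof value === 'object') {
    return `{${Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canon(value[k])}`).join(',')}}`;
  }
  return JSON.stringify(value);
}

// Compare two parsed package-lock.json objects and list added, removed
// and changed entries (hypothetical helper, not an npm API).
function lockChurn(before, after) {
  const a = before.packages || {};
  const b = after.packages || {};
  const report = { added: [], removed: [], changed: [] };
  for (const path of new Set([...Object.keys(a), ...Object.keys(b)])) {
    if (!(path in a)) report.added.push(path);
    else if (!(path in b)) report.removed.push(path);
    else {
      const fields = TRACKED.filter((f) => canon(a[path][f]) !== canon(b[path][f]));
      if (fields.length) report.changed.push({ path, fields });
    }
  }
  return report;
}

// Constructed sample snapshots standing in for the lockfile after two runs.
const firstRun = { lockfileVersion: 2, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/example-a': { version: '2.0.0', dependencies: { 'example-b': '^1.0.0' } },
  'node_modules/example-b': { version: '1.2.0', integrity: 'sha512-CONSTRUCTED' },
} };
const secondRun = { lockfileVersion: 2, packages: {
  '': { version: '1.0.0', name: 'demo' },
  'node_modules/example-a': { version: '2.0.0', dependencies: { 'example-b': '1.2.0' } },
  'node_modules/example-b': { version: '1.2.0', integrity: 'sha512-CONSTRUCTED' },
  'node_modules/example-a/node_modules/example-b': { version: '1.0.5' },
} };

console.log(JSON.stringify(lockChurn(firstRun, secondRun), null, 2));
```

To use it on real files, pass `JSON.parse(fs.readFileSync(path, 'utf8'))` for a copy of package-lock.json saved after each run; a non-empty report in CI means the committed lockfile is not what the next install will resolve.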