Repository to highlight bug for npm ci when used on versions above 8.5.5
Node Version: 16.14.2 or newer NPM Version: 8.6.0 or newer
This repo was set up with [email protected] and running npm install
If this repo is cloned and npm ci is run the following error is displayed:
Listing the conflicts that npm detects from package-lock.json.
If npm i is used at this time or npm i --package-lock-only the following security vulnerabilities which were overriden in the package.json become restored:
This behaviour is consistent on versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0 with these dependencies.
If downgraded to [email protected] the npm ci command runs without error.