npm install removes resolved and integrity properties from package-lock.json if installed from cache #4263
Comments
SymbioticKilla
added
Bug
|
In my case, it removes the
|
|
@giovannipds what about with npm v8.5.2? |
|
@ljharb thanks for interacting. In my case, the issue was in my repository config, it was misconfigured, that's why my npm config set registry #YOUR_COMPANY_REGISTRY_URL |
bring back lost `resolved` and `integrity` properties see: npm/cli#4263 License: (Apache-2.0 AND MIT) Signed-off-by: Oli Evans <[email protected]>
|
I managed to get proper
|
|
Just ran into this issue on Cleared the cache and re-ran |
|
I encountered the same issue with nodejs |
|
encountered the same issue with node |
|
Happened on |
|
We also get this. Repeatedly. And it breaks our CI. Started after we updated to new versions of node and npm recently I think, but I see others get it on older versions as well. I'm not 100% if that is what cased it, as we have refactored a lot of stuff lately. Only workaround is @vmasek workaround above. Would love to not have to delete |
|
For those who dislike the idea of unlocking and potentially version-bumping a ton of dependencies by deleting package-lock, here's a variant of the workaround above that seems to have worked for us:
This should preserve the locked versions of any packages that were already installed prior to the corruption of package-lock, while ensuring anything newer based on |
|
I had this happened to me during npm solving merge conflicts with |
|
I faced the same problem with node 18.12.1 and npm 8.19.2 |
|
While this problem persists, npm-lockfile-fix provides an easy way to fix lock files without having to delete & regenerate them. It's less problematic since it doesn't cause any dependency updates. Also it seems that these are duplicates or related issues: #4460 #6301 |
Caused by an issue of command npm install (see npm/cli#4263). Introduced by commit a841343
Caused by an issue of command npm install (see npm/cli#4263). Introduced by commit a841343
* chore: add sitemap Google search console suggested we do this? No clue if it's a good idea or worth doing. * Include sitemap in layout.astro * chore: run npm upgrade Attempting to appease the npm gods. * workaround npm/cli#4263 * Run npm format
Caused by an issue of command npm install (see npm/cli#4263). Introduced by commit a841343
|
I wonder if the npm team will ever pick this issue up? It's still happening. |
|
Has this issue today, solved it with running |
|
This might be a dumb suggestion, but couldn't you just ask your developers not to change the |
When building Packit with Nix (and other sandboxed build systems), these fields are used to prefetch the dependencies. For some reason they are missing from our file for all but one dependency. There seems to be some npm bug that causes these fields to be removed under certain conditions (npm/cli#4263, npm/cli#6301). Deleting the lockfile and running `npm install` again produces a new file that has the missing fields. However in doing so all the dependencies are updated, which I'd rather not right now. Instead I used the script at https://github.com/jeslie0/npm-lockfile to add the fields without changing the version numbers.
Release notes: https://docs.goauthentik.io/docs/releases/2024.8 Still includes the same hacky workaround for one of the dependencies that was introduced in the 2024.6.1 update. See components/docs.nix for more information. Also, as upstream package-lock.json files do not include source hashes and urls for a lot of dependencies, building authentik from source is only possible after they've been resolved. This makes it kind of a gamble to try and reproduce a build with the same set of dependencies that the devs use. This is why the two relevant lock files are vendored here now. See upstream issues for more information: - goauthentik/authentik#6180 - goauthentik/authentik#11169 and the npm issue for the underlying reason: npm/cli#4263 Flake lock file updates: • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01) → 'github:hercules-ci/flake-parts/567b938d64d4b4112ee253b9274472dc3a346eb6' (2024-09-01) • Updated input 'flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01) → 'https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz?narHash=sha256-Ss8QWLXdr2JCBPcYChJhz4xJm%2Bh/xjl4G0c0XlP6a74%3D' (2024-09-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21) → 'github:NixOS/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/884b66152b0c625b8220b570a31dc7acc36749a3' (2024-08-21) → 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' (2024-09-05)
|
## Which problem is this PR solving? - Add missing integrity checks to package-lock.json ## Description of the changes - I noticed some lockfile entries didn't have the `resolved` and `integrity` field set. This PR fixed that. - I think it's related to this npm issue: npm/cli#4263 ## How was this change tested? - no functional change ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [ ] I have added unit tests for the new functionality - [ ] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` Signed-off-by: Andreas Gerstmayr <[email protected]>
and others
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
If you run npm install with existing package cache inside "node_modules" it creates packages-lock.json without "resolved" and "integrity" properties.
Expected Behavior
"resolved" and "integrity" properties should stay remain after npm install using cache from "node_modules" folder
Steps To Reproduce
1.) Run npm install
2.) package-lock.json is created
3.) node modules are cached inside the project folder under "node_modules" folder
4.) delete package-lock.json and delete one package form "node_modules" folder
5.) Run npm install
6.) package-lock.json is created, but "resolved" and "integrity" properties are removed from each package descriptions inside package-lock.json
Environment
; copy and paste output from `npm config ls` hereThe text was updated successfully, but these errors were encountered: