[BUG] npm ci doesn't exit when dependencies in lockfile do not match the package.json #3947

Closed
koenpunt opened this issue Oct 27, 2021 · 2 comments
Labels: Bug (thing that needs fixing), Release 8.x (work is associated with a specific npm 8 release)

Comments

@koenpunt

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When the package.json was updated with new dependencies, and the lockfile isn't, npm ci successfully installs the dependencies.

Expected Behavior

According to the documentation npm ci should exit when there's a discrepancy between the package.json and the lockfile.

If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
https://docs.npmjs.com/cli/v7/commands/npm-ci

Steps To Reproduce

  1. Create an empty directory
  2. Initialize npm; npm init -f && npm install
  3. Add a dependency to the package.json, but don't update the package-lock.json;
    npm install --save --no-package-lock leftpad
    
  4. Run npm ci
  5. See: There's no error.

Environment

  • OS: macOS
  • Node: 14.16.0
  • npm: 8.1.1
koenpunt added the Bug, Needs Triage and Release 8.x labels Oct 27, 2021
PiDelport added a commit to ntls-io/nautilus-wallet that referenced this issue Oct 27, 2021
@PiDelport

The following check can work around this, in the meantime:

npm install
git diff --exit-code

PiDelport added a commit to ntls-io/nautilus-wallet that referenced this issue Oct 27, 2021
* ci(web-client): work around "npm ci" being broken

Upstream issue:

* npm/cli#3947

* chore(web-client): sync package-lock.json
@legopin

legopin commented Nov 8, 2021

This issue already exists in #2701.
Not sure why it wasn't fixed yet.

Thanks for the workaround, might consider it.

ruyadorno removed the Needs Triage label Feb 3, 2022
ruyadorno added a commit to ruyadorno/cli that referenced this issue Feb 3, 2022
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.

Fixes: npm#2701
Fixes: npm#3947
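
The kind of validation the fix commit describes, as an added example that is not npm's implementation or code from this issue. It compares the dependency specs in a parsed package.json with the root entry of a lockfileVersion 2/3 lockfile; it does not resolve semver ranges, and the names `findLockMismatches`, `samplePkg`, `staleLock`, `syncedLock` and the `^0.0.1` spec are constructed for the illustration.

```javascript
// Added example: flag package.json dependencies that the lockfile does not cover.
// Assumes lockfileVersion 2 or 3 (a "packages" map whose "" key is the root project).
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function findLockMismatches(pkg, lock) {
  const packages = lock.packages || {};
  const root = packages[''] || {};
  const problems = [];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, spec] of Object.entries(declared)) {
      if (!has(locked, name)) {
        problems.push(`${field}: ${name}@${spec} is not in the lockfile`);
      } else if (locked[name] !== spec) {
        problems.push(`${field}: ${name} is ${spec} in package.json but ${locked[name]} in the lockfile`);
      } else if (!has(packages, `node_modules/${name}`)) {
        problems.push(`${field}: ${name} has no resolved entry in the lockfile`);
      }
    }
    // A dependency removed from package.json but still locked is also a mismatch.
    for (const name of Object.keys(locked)) {
      if (!has(declared, name)) problems.push(`${field}: ${name} is locked but no longer declared`);
    }
  }
  return problems;
}

// Constructed sample: the state after the reproduction steps, where package.json
// gained a dependency and package-lock.json was left untouched.
const samplePkg = { name: 'demo', version: '1.0.0', dependencies: { leftpad: '^0.0.1' } };
const staleLock = {
  name: 'demo', version: '1.0.0', lockfileVersion: 2,
  packages: { '': { name: 'demo', version: '1.0.0' } },
};
const syncedLock = {
  name: 'demo', version: '1.0.0', lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0', dependencies: { leftpad: '^0.0.1' } },
    'node_modules/leftpad': { version: '0.0.1', integrity: 'sha512-PLACEHOLDER' },
  },
};

function demo() {
  return { stale: findLockMismatches(samplePkg, staleLock), synced: findLockMismatches(samplePkg, syncedLock) };
}
console.log(demo());
```

In a CI job, pass the parsed contents of package.json and package-lock.json and fail the build when the returned list is non-empty.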