Licence missing for npm update #7715

Closed
2 tasks done
chrisdlangton opened this issue Aug 10, 2024 · 3 comments
Labels
Bug (thing that needs fixing), Needs Triage (needs review for next steps)

Comments

@chrisdlangton

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Licensing information is entered into the package-lock.json when you run npm install, but afterwards you lose all licences in the file after you execute npm update.

Perhaps a regression? It's a reoccurring issue.

Seems to be fixed in v10.8.2 according to issue 5532 comment by @lukekarrys

Expected Behavior

Running npm update doesn't remove licence information, it only updates it if it changed, which may actually be a removal of the licence for the updated version - but not stop licences from all packages whether or not the package was updated, and especially don't remove licences for packages that still have a licence.

Steps To Reproduce

I narrowed it down to the difference between:

npm install works as expected

npm update strips licenses

Environment

nvm use --lts
node --version
// 10.8.2
npm --version
// v20.15.1
chrisdlangton added the Bug (thing that needs fixing) and Needs Triage (needs review for next steps) labels on Aug 10, 2024
@kchindam-infy

@chrisdlangton The package-lock.json file primarily tracks versions, resolved URLs and integrity checksums, and does not typically include the license information in the package.json at your root folder. The license information in node_modules/ is intact even after npm update. If you have a different scenario, please provide the complete details.

@chrisdlangton
Author

chrisdlangton commented Aug 29, 2024

Either it is consistent at including it from an install and remains after update too OR it never was added using install in the first place (currently it is)

I'm not sure what you mean by "use case", that's a distraction from facts.

It's essentially that npm commits to maintain its own consistency, and can be reliable, or you decide to stop producing the licence information because you can't provide consistency.

@kchindam-infy

As I already mentioned, it is tested on npm 10.8.2 and the license information is included in the package-lock.json on npm install and it remained intact on npm update.

chrisdlangton closed this as not planned on Sep 7, 2024
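
An added example, not part of the thread and not npm's code: one way to check the disputed behaviour is to compare the lockfile saved before `npm update` with the one written after it. It assumes lockfileVersion 2 or 3 (entries under `packages`, each with an optional `license` string); the function names, package names and lock contents below are constructed for illustration.

```javascript
// Compare two parsed package-lock.json objects and report what happened to
// each package's "license" field. Assumes the "packages" map of lockfile v2/v3.
function licenceDiff(before, after) {
  const result = { dropped: [], changed: [], removedPackages: [] };
  const prev = before.packages || {};
  const next = after.packages || {};
  for (const [path, old] of Object.entries(prev)) {
    if (old.license === undefined) continue; // had no licence, nothing to lose
    const cur = next[path];
    if (cur === undefined) { result.removedPackages.push(path); continue; }
    const versionChanged = cur.version !== old.version;
    if (cur.license === undefined) {
      result.dropped.push({ path, was: old.license, versionChanged });
    } else if (cur.license !== old.license) {
      result.changed.push({ path, from: old.license, to: cur.license, versionChanged });
    }
  }
  return result;
}

// Licences that vanished although the package version did not change: the
// case the issue says must never happen. A drop alongside a version change
// may be legitimate (the new release really has no licence) and needs review.
function unexplainedDrops(result) {
  return result.dropped.filter((d) => !d.versionChanged).map((d) => d.path);
}

// Constructed sample lockfiles (hypothetical packages, not real npm output).
const BEFORE = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/alpha': { version: '1.0.0', license: 'MIT' },
  'node_modules/beta': { version: '2.0.0', license: 'ISC' },
  'node_modules/gamma': { version: '3.0.0', license: 'Apache-2.0' },
  'node_modules/delta': { version: '0.1.0', license: 'MIT' },
} };
const AFTER = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/alpha': { version: '1.0.0' },               // licence lost, same version
  'node_modules/beta': { version: '2.1.0' },                // licence lost, updated
  'node_modules/gamma': { version: '3.1.0', license: 'MIT' }, // licence changed
} };

console.log(JSON.stringify(licenceDiff(BEFORE, AFTER), null, 2));
console.log('unexplained:', unexplainedDrops(licenceDiff(BEFORE, AFTER)));
```

For a real check, pass in `JSON.parse` of the lockfile copied before the update and of the one left after it, and fail the build when `unexplainedDrops` is non-empty.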