npm removes packages on install

[darcyclarke]

  Original bug ticket: [https://npm.community/t/9432](https://npm.community/t/9432)
  Originally filed: 2019-08-12T14:27:35.621Z

[jacobq]

Looks like this is also nearly the same as the problem described in npm/npm#17379 (comment). This is still plaguing me in 6.13.3 in that running npm install <something> causes dependencies specified with GitHub repositories instead of semver strings in package.json to get removed from node_modules.

Supposedly, using --no-package-lock option should prevent this behavior, but it made no difference when I tried it just now. However, even if it did, the overall developer experience would still be poor. Consider the use case of using yarn and tracking yarn.lock instead of package-lock.json (having multiple/competing lock files is not recommended). AFAICT, yarn has no --no-save equivalent so it seems reasonable that a developer might use npm install --no-save [--no-package-lock] some-package to temporarily install a module for experimentation. As others have noted, it is quite surprising to find that doing a one-off installation of a module should remove anything, especially things that are almost completely unrelated (that is, aside from happening to be part of the same project).