Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] running npm update erases the name field from package-lock.json #5470

Open
2 tasks done
romainmenke opened this issue Sep 5, 2022 · 2 comments
Open
2 tasks done

[BUG] running npm update erases the name field from package-lock.json #5470

romainmenke opened this issue Sep 5, 2022 · 2 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release

Comments

@romainmenke
Copy link

romainmenke commented Sep 5, 2022
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

running npm update erases the name field from package-lock.json for workspaces.

When the name field is missing other cli commands like npm audit get confused.

Expected Behavior

running npm update does not have unexpected side effects in projects that use workspaces

Steps To Reproduce

I've created a reproduction here: https://github.com/romainmenke/npm-update-bug-1

run npm update and then git diff on branch main to see the effects on package-lock.json

I've also create a pull request with this same diff :
romainmenke/npm-update-bug-1#1

Environment

  • npm: 8.18.0
  • Node.js: v18.8.0
@romainmenke romainmenke added Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release labels Sep 5, 2022
@romainmenke
Copy link
Author

seems related :

@webstech
Copy link

webstech commented Nov 19, 2022
edited
Loading

Experiencing similar problems with v9.1.1. It is not just update that has a problem. Observations in a new project:

  1. npm init a new project
  2. npm init -w foo/bar creates an entry in package-lock.json with name. Specify a package name of @foo/bar.
  3. npm init -w foo/bar2 creates an entry in package-lock.json without name. Specify a package name of @foo/bar2.
  4. npm init -w foo/bar3 creates an entry in package-lock.json without name but adds name to the foo/bar2 entry. Specify a package name of @foo/bar3.
  5. Running npm ls after creating bar2 and bar3 gets an error on foo/bar3.

Oddly, the bar2/3 entries also get devDependencies attributes.

Repair:

  1. Delete package-lock.json
  2. Run npm install --workspaces
  3. npm ls runs successfully. The names are present in the package-lock.json file

Regression:

  1. Run npm update - name is dropped from all workspace nodes in the package-lock.json file
  2. npm ls fails with an error on every workspace

Edge.js was setting outer edges invalid due to missing name. Have not tracked back to why name is not set in the first place.

Edited to indicate package names should be specified when creating the new workspaces.

@webstech webstech mentioned this issue Nov 19, 2022
Open
2 tasks
@deivid-rodriguez deivid-rodriguez mentioned this issue Jan 25, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@webstech @romainmenke