[BUG] npm ci validates package-lock.json that is generated with an older version of npm and fails to resolve #5125

@irdkwmnsb

Description

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

package-lock.json generated prior to 8.6.0 is generating package-locks that the new version cannot resolve:

npm ERR! code EUSAGE
npm ERR! 
npm ERR! `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
npm ERR! 
npm ERR! Invalid: lock file's type-fest@0.21.3 does not satisfy type-fest@0.13.1
npm ERR! Missing: type-fest@0.21.3 from lock file
npm ERR! 
npm ERR! Clean install a project
npm ERR! 
npm ERR! Usage:
npm ERR! npm ci
npm ERR! 
npm ERR! Options:
npm ERR! [--no-audit] [--foreground-scripts] [--ignore-scripts]
npm ERR! [--script-shell <script-shell>]
npm ERR! 
npm ERR! aliases: clean-install, ic, install-clean, isntall-clean
npm ERR! 
npm ERR! Run "npm help ci" for more info

Common libraries like create-react-app use the @pmmmwh/react-refresh-webpack-plugin library, which has a dependency on type-fest@0.13.1. Versions of npm prior to 8.6.0 would not include type-fest@0.13.1 in the package-lock.json.

After the 8.6.0 release, old package-locks would not work for installing dependencies with npm ci.

Expected Behavior

npm ci should not fail with lockfiles generated by older versions of npm.

Steps To Reproduce

See this commit tree for an example of a project with a lockfile that is valid for an old version of npm and not valid for new ones.

Run npm ci with npm version 8.6.0 or higher to get the error, or see this GitHub Actions pipeline.

Environment

  • npm: 8.13.2
  • Node.js: 16.15.1
  • OS Name: ubuntu-latest
  • System Model Name: Github actions runner
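
The kind of consistency check behind the "Invalid" and "Missing" lines above, as an added example that is not part of the original issue and is not npm's own code: it walks the `packages` map of a lockfile and reports each declared dependency that the entry reachable by Node's lookup does not satisfy. The lockfile data is constructed, the plugin version is a placeholder, the `^0.13.1` range is an assumption, and only exact and caret ranges are handled.

```javascript
// Added example. Range support is deliberately minimal: exact "x.y.z" and caret "^x.y.z".
const parse = (v) => v.split('.').map(Number);

function satisfies(version, range) {
  if (!range.startsWith('^')) return version === range;
  const [M, m, p] = parse(version);
  const [rM, rm, rp] = parse(range.slice(1));
  // A caret range pins the left-most non-zero component.
  if (rM > 0) return M === rM && (m > rm || (m === rm && p >= rp));
  if (rm > 0) return M === 0 && m === rm && p >= rp;
  return M === 0 && m === 0 && p === rp;
}

// Find the lockfile entry Node's module lookup would reach for `name` from `fromPath`.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Report every declared dependency that the lockfile cannot satisfy.
function findDrift(lock) {
  const problems = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    const who = path || 'root';
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const [name, range] of Object.entries(deps)) {
      const hit = resolve(lock.packages, path, name);
      const found = hit && lock.packages[hit].version;
      if (!hit) problems.push(`Missing: ${name}@${range} for ${who}`);
      else if (!satisfies(found, range))
        problems.push(`Invalid: ${name}@${found} does not satisfy ${range} for ${who}`);
    }
  }
  return problems;
}

// Constructed data: plugin version and root ranges are placeholders, not real releases.
const PLUGIN = 'node_modules/@pmmmwh/react-refresh-webpack-plugin';
const staleLock = { lockfileVersion: 2, packages: {
  '': { dependencies: { '@pmmmwh/react-refresh-webpack-plugin': '1.0.0', 'type-fest': '^0.21.3' } },
  [PLUGIN]: { version: '1.0.0', dependencies: { 'type-fest': '^0.13.1' } }, // range assumed
  'node_modules/type-fest': { version: '0.21.3' },
} };
const fixedLock = { lockfileVersion: 2, packages: { ...staleLock.packages,
  [PLUGIN + '/node_modules/type-fest']: { version: '0.13.1' } } };
```

Running `findDrift` on a parsed `package-lock.json` before `npm ci` in a pipeline surfaces this kind of drift without touching `node_modules`; the stale sample yields one "Invalid" entry and the sample with the nested `type-fest` entry yields none.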

Labels: Bug (thing that needs fixing), Needs Triage (needs review for next steps), Release 8.x (work is associated with a specific npm 8 release)
