Skip to content

[BUG] npm i -w <ws> <dep> sets dependency version to * in package-lock.json #5587

New issue
New issue
Closed
Closed
[BUG] npm i -w <ws> <dep> sets dependency version to * in package-lock.json#5587
Assignees
wraithgar
Labels
Bugthing that needs fixingPriority 1high priority issueRelease 8.xwork is associated with a specific npm 8 release
@legastero

Description

@legastero
legastero
opened on Sep 26, 2022

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Using npm install -w <workspace> <dep>, where <dep> does not include an @ version, then the generated package-lock.json updates the dependencies for <workspace> as <dep>@*.

The dependency version is always correctly set in the workspace's package.json.

If you use npm i -w <workspace> <dep>@latest or any specific tag/version, then things behave as expected.

Expected Behavior

The version of <dep> for <workspace> in package-lock.json should be set to the version that got installed.

Steps To Reproduce

  1. In a repo with this layout:
- package.json
- workspaces/
  - a/
    - package.json

and where the root package.json looks like:

{
  "name": "test-npm",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "workspaces": ["workspaces/*"]
}

and workspaces/a/package.json looks like:

{ 
  "name": "a",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC"
}
  1. Using npm 8.19.2 (or even 9.0.0-pre.2)
  2. Run npm i -w a react
  3. Open generated package-lock.json and see:
  "dependencies": {
    "a": {
      "version": "file:workspaces/a",
      "requires": {
        "react": "*"
      }
    },

whereas workspaces/a/package.json was updated to be:

{
  "name": "a",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "react": "^18.2.0"
  }
}
  1. If you run npm i a second time, then the package-lock.json updates to appear as originally expected:
  "dependencies": {
    "a": {
      "version": "file:workspaces/a",
      "requires": {
        "react": "^18.2.0"
      }
    },

Environment

  • npm: both v8.19.2 and v9.0.0-pre.2
  • Node.js: v16.14.2
  • OS Name: macOS
  • System Model Name: MacBook Pro
  • npm config:
; "user" config from /Users/lance/.npmrc

//registry.npmjs.org/:_authToken = (protected) 

; node bin location = /Users/lance/.nvm/versions/node/v16.14.2/bin/node
; node version = v16.14.2
; npm local prefix = /Users/lance/Developer/test-npm
; npm version = 8.19.2
; cwd = /Users/lance/Developer/test-npm
; HOME = /Users/lance
; Run `npm config ls -l` to show all defaults.```

Metadata

Metadata

Assignees

Labels

Bugthing that needs fixingPriority 1high priority issueRelease 8.xwork is associated with a specific npm 8 release

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions