Problems with npm@8.3.0 and overrides #11013

DonJayamanne · 2022-08-02T05:02:54Z

Problem: Currently we're unable to pin certain packages to specific versions due to a bug in the version of npm used

We rely on overrides section in package.json to pin specific packages to particular versions

Known issue with some versions of npm [BUG] Overrides are not updating after running npm install npm/cli#4232
Seems to be working in 8.15.0 (latest) for me, even though others complain about 8.14.0

Solutions

Enforce node and npm/yarn versions in package.json
- i think it's over kill, but this prevents generation of lock files that are not reproducible (we have such lock files today)
Option 1: Use yarn
Option 2: Update npm to the latest version
- Clearly document the version of node and npm required
  If a package is manually and entry added into package.json, then we should document this in package.json
  E.g. add a section, this won't be necessary if we use yarn or if we use the latest version of npm
```
"depedencies-manually-added": {
    "added-to-fix-dependabot-issues": ["<package>:<version>"]
}
```

The text was updated successfully, but these errors were encountered:

DonJayamanne added bug Issue identified by VS Code Team member as probable bug debt Code quality issues labels Aug 2, 2022

DonJayamanne self-assigned this Aug 2, 2022

DonJayamanne removed the bug Issue identified by VS Code Team member as probable bug label Aug 2, 2022

github-actions bot added the triage-needed Issue needs to be triaged label Aug 2, 2022

DonJayamanne added discuss-at-standup and removed triage-needed Issue needs to be triaged labels Aug 2, 2022

DonJayamanne mentioned this issue Aug 2, 2022

Update packages and npm version #11025

Merged

DonJayamanne closed this as completed in #11025 Aug 2, 2022

github-actions bot locked as resolved and limited conversation to collaborators Aug 3, 2023

Provide feedback