[BUG] Wrong git hash on install

[TicoDePano]

When I install npm dependencies, one from my private git https server is installed always with the last commit hash, ignoring what is package-lock.json file.

Reading issue #980, I tried with npm ci command. It downloads the correct commit hash, but fails because one dependency in install script is not found yet.

With npm i command, it downloads the last commit hash, but installs correctly.

It seems a bug(or more than one) for me.

[darcyclarke]

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.