Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] npm update --dev triggers npm WARN old lockfile each time #3899

Closed
1 task done
ehoogeveen-medweb opened this issue Oct 15, 2021 · 4 comments · Fixed by npm/arborist#339
Closed
1 task done

[BUG] npm update --dev triggers npm WARN old lockfile each time #3899

ehoogeveen-medweb opened this issue Oct 15, 2021 · 4 comments · Fixed by npm/arborist#339
Assignees
@lukekarrys
Labels
Bug thing that needs fixing Priority 1 high priority issue Release 8.x work is associated with a specific npm 8 release

Comments

@ehoogeveen-medweb
Copy link

ehoogeveen-medweb commented Oct 15, 2021
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Looks like this bug is back (though maybe the cause is different). Every time I run npm update --dev it says that my package-lock.json file was created with an old version of npm and it's doing a one-time fix-up.

npm 8.0.0 did not have this problem.

Expected Behavior

Either no fix-up (it happens even in an empty repo), or only one time.

Steps To Reproduce

  1. From an empty directory
  2. Run npm init -y
  3. Run npm update --dev (this creates a package-lock.json)
  4. Run npm update --dev again (this triggers the warning)
  5. Note the npm WARN old lockfile

Environment

  • OS: Windows 10 20H2 x64
  • Node: 14.18.1
  • npm: 8.1.0
@ehoogeveen-medweb ehoogeveen-medweb added Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release labels Oct 15, 2021
@ehoogeveen-medweb ehoogeveen-medweb changed the title [BUG] npm upgrade --dev triggers npm WARN old lockfile each time [BUG] npm update --dev triggers npm WARN old lockfile each time Oct 15, 2021
@ehoogeveen-medweb
Copy link
Author

Sorry about the edits, I guess npm upgrade is an alias for npm update but I meant the latter, and I guess this warning only happens after package-lock.json has been created.

@lukekarrys lukekarrys added Priority 1 high priority issue and removed Needs Triage needs review for next steps labels Oct 20, 2021
@lukekarrys lukekarrys self-assigned this Oct 21, 2021
lukekarrys added a commit to npm/arborist that referenced this issue Oct 21, 2021
@lukekarrys
fix: always set originalLockfileVersion when doing shrinkwrap reset
d32d53d 
Fix: npm/cli#3899

A shrinkwrap reset without specifying a lockfile version was triggering
an old lockfile warning due to the originalLockfileVersion not being set
prior to checking whether the lockfile was old.
@lukekarrys lukekarrys mentioned this issue Oct 21, 2021
Merged
lukekarrys added a commit to npm/arborist that referenced this issue Oct 21, 2021
@lukekarrys
fix: always set originalLockfileVersion when doing shrinkwrap reset
4fc3a53 
Fix: npm/cli#3899

A shrinkwrap reset without specifying a lockfile version was triggering
an old lockfile warning due to the originalLockfileVersion not being set
prior to checking whether the lockfile was old.
lukekarrys added a commit to npm/arborist that referenced this issue Oct 21, 2021
@lukekarrys
fix: always set originalLockfileVersion when doing shrinkwrap reset
6429b9d 
Fix: npm/cli#3899

A shrinkwrap reset without specifying a lockfile version was triggering
an old lockfile warning due to the originalLockfileVersion not being set
prior to checking whether the lockfile was old.
@lll000111
Copy link

lll000111 commented Oct 26, 2021
edited
Loading

Same here, no "--dev" used:

I commented under this closed slightly different issue (it was the most applicable one I had found until I saw this one here just now): #3721 (comment) (with lots of info and log section)

Searched a lot of issues here and on StackOverflow with "WARN old lockfile" in them. None look relevant, most are "npm install" (where I have no warning) and conditions that I don't have. I checked several closed issues and what they weer redirected to and none seemed relevant either. I think I really have to (re)post under this OPEN issue, none of the closed once apply.

@ehoogeveen-medweb
Copy link
Author

FWIW I also get this in our project even without --dev. But using --dev triggers the warning even on a freshly initialized project. I'm surprised a mature and widely used project like npm doesn't have tests for such a simple case to be honest (the warning doesn't break anything, but still).

@lukekarrys
Copy link
Contributor

@lll000111 Thanks for the additional report! It looks like your issue from your linked comment is the same as this one.

I do have a fix for this in a PR currently (npm/arborist#339) and it should go out with our weekly release on Thursday. And the PR includes a test @ehoogeveen-medweb 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukekarrys lukekarrys

Labels
Bug thing that needs fixing Priority 1 high priority issue Release 8.x work is associated with a specific npm 8 release
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: always set originalLockfileVersion when doing shrinkwrap reset npm/arborist
3 participants
@lukekarrys @lll000111 @ehoogeveen-medweb