[BUG] Removing dependency from workspace package leads to invalid lockfile #2162

protyposis · 2020-11-12T11:58:22Z

Current Behavior:

When removing a dependency from a workspace package's package.json and executing npm install in the workspace root to update its package-lock.json (as discussed in #2036 and #1984), the file structure ends up in an invalid state where the version property holds the URL from the resolved property, instead of removing the whole dependency block. See this changeset after npm install:

Expected Behavior:

package-lock.json is in a valid state and all artifacts of the removed dependency are removed from the lockfile.

Steps To Reproduce:

remove dependency from workspaceRoot/packages/package-a/package.json
execute npm install in workspaceRoot/
investigate changes to lockfile

Environment:

OS: Windows 10
Node: 12.19.0
npm: 7.0.10

The text was updated successfully, but these errors were encountered:

protyposis · 2020-12-10T11:18:25Z

Fixed in 7.1.1, thanks!

petermikitsh · 2021-02-16T02:46:23Z

I'm observing this in 7.5.4; see #2706

protyposis added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Nov 12, 2020

protyposis closed this as completed Dec 10, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Removing dependency from workspace package leads to invalid lockfile #2162

[BUG] Removing dependency from workspace package leads to invalid lockfile #2162

protyposis commented Nov 12, 2020

protyposis commented Dec 10, 2020

petermikitsh commented Feb 16, 2021

[BUG] Removing dependency from workspace package leads to invalid lockfile #2162

[BUG] Removing dependency from workspace package leads to invalid lockfile #2162

Comments

protyposis commented Nov 12, 2020

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Environment:

protyposis commented Dec 10, 2020

petermikitsh commented Feb 16, 2021