[BUG] Running `npm ci` doesn't fail when package.json#version has changed

Question

[BUG] Running `npm ci` doesn't fail when package.json#version has changed

jrieken opened this issue a month ago · comments

Johannes Rieken commented a month ago

Is there an existing issue for this?

I have searched the existing issues

This issue exists in the latest npm version

I am using the latest npm

Current Behavior

npm ci doesn't fail when the version-property only in package.json changes

Expected Behavior

I would expect that npm ci errors because the version properties aren't in sync anymore.

Steps To Reproduce

Have package.json and package-lock.json that are properly in-sync
bump the version-property inside package.json
run npm ci

Environment

npm: 9.6.7
Node.js: 18.17.0
OS Name: macOS

milaninfy · Answer 1 · Sat May 04 2024 00:50:42 GMT+0800 (China Standard Time)

As far as I know, it would only error out if the dependencies don't match or out of sync, otherwise it will go through just fine.
Can you please provide if you have the npm version where it throws the error when version is mismatched in package.json and package-lock.json, so that this behaviour can be traced.
https://docs.npmjs.com/cli/v9/commands/npm-ci#description

milaninfy · Answer 2 · Sat May 04 2024 03:37:39 GMT+0800 (China Standard Time)

The purpose for this check in npm ci is to see if dependencies were edited manually or by other way than commands like npm install. The version field in package file does not affect the dependency tree therefor it does not fail.