Giters

npm / cli

the package manager for JavaScript

Home Page:https://docs.npmjs.com/cli/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] Wrong lock file modification for optional dependency

kirrg001 opened this issue · comments

commented

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Lock file is incorrect after updating optional dependency.

Steps to reproduce:

package.json

{
  "name": "prisma-opt",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "optionalDependencies": {
    "prisma": "^5.13.0"
  },
  "author": "",
  "license": "ISC"
}

package-lock.json

{
  "name": "prisma-opt",
  "version": "1.0.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "prisma-opt",
      "version": "1.0.0",
      "license": "ISC",
      "optionalDependencies": {
        "prisma": "^5.13.0"
      }
    },

`

I want to update prisma to 5.14.0 running:

npm i prisma@^5.14.0 --save-optional

(I also tried npm i prisma@^5.14.0 and npm i prisma@latest, same behaviour)

package.json (correct)

  "optionalDependencies": {
    "prisma": "^5.14.0"
}

package-lock.json (wrong)

{
  "name": "prisma-opt",
  "version": "1.0.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "prisma-opt",
      "version": "1.0.0",
      "license": "ISC",
      "dependencies": {
        "prisma": "5.14.0"
      },
      "optionalDependencies": {
        "prisma": "^5.14.0"
      }
    },

"dependencies": {
"prisma": "5.14.0"
},

Running npm install again (correct)

{
  "name": "prisma-opt",
  "version": "1.0.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "prisma-opt",
      "version": "1.0.0",
      "license": "ISC",
      "optionalDependencies": {
        "prisma": "^5.14.0"
      }
    },

Expected Behavior

I do not expect that this change appears in the lock file:

"dependencies": {
"prisma": "5.14.0"
},

Or I do not expect that after npm install the change get's removed.

Steps To Reproduce

See "Current Behavior"

Please note: The steps to reproduce I have shared is a minimal application. This bug appears in my large application with having lot's of dev dependencies and optional dependencies, but we do not have production dependencies.

Environment

  • npm: 10.7.0
  • Node.js: Latest v18 (Also tested latest v22)
  • OS Name: OSX
  • System Model Name:
  • npm config:
; copy and paste output from `npm config ls` here