[BUG] npm-shrinkwrap.json
published within package is ignored during npm i somepackage
#7977
Open
2 tasks done
Labels
Is there an existing issue for this?
I've seen a similar issues in #5349 and #5325 but they seem to be about installing local tarballs only, and one of them even mentions, that it works if installing from remote. But that't not the case for me. May also be related to #4583 as I'm not using npmjs.org as registry but github.
This issue exists in the latest npm version
Current Behavior
I have a package
@myorg/shrinkwraptest
(which is published and installable via github). The published package includes anpm-shrinkwrap.json
file which looks like thisWhen I then do
npm i @myorg/shrinkwraptest.json
in a new empty folder and then inspect thenode_modules
folder I see, that themongoose
package is installed in version8.8.4
and themongodb
package is installed in version6.10.0
(which are the respective latest versions at the time I'm creating this issue)This is the (relevant) output of
npm ls --depth 3
Expected Behavior
Reading the docs, I'd expect when I do an
this contained
npm-shrinkwrap.json
should be respected andmongoose@8.1.3
andmongodb@6.3
should be installed.Steps To Reproduce
npm-shrinkwrap.json
bundled with itEnvironment
Environment
; "user" config from /root/.npmrc
@myorg:registry = "https://npm.pkg.github.com/"
//npm.pkg.github.com/:_authToken = ...
; node bin location = /usr/local/bin/node
; node version = v23.4.0
; npm local prefix = /test
; npm version = 10.9.2
; cwd = /test
; HOME = /root
The text was updated successfully, but these errors were encountered: