29

I'm using the scripts section of the package.json to force resolutions:

"preinstall": "npx npm-force-resolutions"

in the resolutions section, I have entered graceful-fs with a specified version:

"resolutions": {
  "graceful-fs": "^4.2.4",
},

When i run npm i everything is installed correctly, the set versions are taken in to account. But later on when I install an additional module, e.g. npm i random-package, my set versions are being thrown away and I endup with graceful-fs@1.2.3 and other low versions in some dependencies.

If I clear the node_modules folder and run npm i again, everything is alright again.

I also tried setting the resolution more specific, like

"resolutions": {
  "glob/**/graceful-fs": "^4.2.4",
},

but this doesn't help.

I also tried:

  • adding the module as dependency, devDependency or peerDependency
  • using a shrinkwrap and overriding it there

but no luck.

what am I missing?

NthDegree
  • 1,301
  • 2
  • 15
  • 29
  • 1
    Hey, any chance you found the solution? I experience the same problem – Anna Leonenko Jan 11 '21 at 13:38
  • I don't think there is no other way around it until you move away from those packages that depend on it or those packages get updated. – Leo Fisher Jan 12 '21 at 19:04
  • I don't have an answer, but I can save you some time. What works for me - I don't have to clear node_modules folder after installing the package. All I have to do is type `npm i` afterwards and it does the fixes. Still annoying, but at least you don't have to clear the entire folder first. – dgo May 26 '21 at 16:29

5 Answers5

21

The best solution for me to automate this was modifying preinstall script as above:

"preinstall": "npm install --package-lock-only --ignore-scripts && npx npm-force-resolutions",

Kamil Sobczyk
  • 377
  • 3
  • 6
  • 1
    More discussion about this workaround can be found [here](https://github.com/rogeriochaves/npm-force-resolutions/issues/10#issuecomment-676804889). – Leponzo Aug 04 '21 at 15:49
14

Best way is to change the preinstall script to this:

"preinstall": "([ ! -f package-lock.json ] && npm install --package-lock-only --ignore-scripts --no-audit); npx npm-force-resolutions"

This will only run npm install to create your initial package-lock.json when it does not exist yet.
This is much faster than always running both (npm + npx).

As of npm 8.3.0, you can also use npm's override:

{
  "overrides": {
    "graceful-fs": "^4.2.4"
  }
}
R. Oosterholt
  • 7,720
  • 2
  • 53
  • 77
7

in the resolutions section, you must fix version

"resolutions": {
  "graceful-fs": "4.2.4",
},
Fabrice Marquès
  • 71
  • 1
  • 1
4

Hi @NthDegree the only way which worked for me was to first run the normal npm install and then add the packages-lock.json file to git. After doing that when you add "preinstall": "npx npm-force-resolutions", it always updates the dependency resolution to the version mentioned.

I am not sure if adding packages-lock.json file to git is good or bad but by using this method the CI/CD pipeline works as well.

Mudasar Rauf
  • 544
  • 7
  • 18
  • 7
    Definitely add package-lock.json file to git – user1333371 May 03 '21 at 18:19
  • `packages-lock.json` is meant to be in source control. See https://stackoverflow.com/a/44210813/1183010 Furthermore, see [my answer](https://stackoverflow.com/a/68095189/1183010) for a minor tweak to the `preinstall` script solving the 'packages-lock.json` doesn't exist issue. – R. Oosterholt Nov 18 '21 at 16:49
3

If all of the above answers don't work and you still get sh: npm-force-resolutions: command not found try the following:

Just change:

"preinstall": "npx npm-force-resolutions"

To:

"preinstall": "npx force-resolutions"

npx force-resolutions does not run when no package-lock.json is detected, and allows the next command inline to be executed as normal

Credit to: https://github.com/rogeriochaves/npm-force-resolutions/issues/10#issuecomment-885458937

Jonathan V.n.
  • 33
  • 5