2

I have Node v10.22.0, npm 6.14.6, on macOS Catalina.

I start from a git repo that contains a package-lock.json that specifies @truffle dependencies and no node_modules folder, no package.json. After I cloned the repo, I ran npm install to install dependencies. The npm doc says:

If the package has a package-lock ..., the installation of dependencies will be driven by that

Surprisingly, it actually installs 8 packages that have nothing to do with my project: d, es5-ext, es6-iterator, es6-symbol, ext, next-tick, type AND it overwrites package-lock.json with a new one containing dependencies on these 8 packages.

If I overwrite package-lock.json and launch npm install, it redoes the same trick.

Questions:

  1. What is happening?
  2. How can I make npm install populate node_modules correctly?
  • Also note that npm will "promote" packages to the root during install if they are predominant and used by multiple dependencies. – Joe Feb 09 '21 at 23:23

1 Answer

2

Use npm ci to install dependencies based on your lock file. Check this answer for more details about this command; it has the answer to your questions.

  • Cool. Thanks a lot. I was relying too much on the `npm install` docs. It has not been updated after `npm ci` was introduced, probably. My workaround was to create a `package.json` and not rely on `package-lock.json`. But I'm still puzzled to know where `npm install` found the instructions that made it install these curious 8 packages and overwrite `package-lock.json`. – Khang Vu Tien Feb 10 '21 at 21:16
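
After installing from the lock file, one way to confirm that node_modules actually matches package-lock.json is a drift check like the following. This is an added example, not part of the original answer or of npm itself; it assumes the lockfileVersion 1 layout written by npm 6, compares top-level entries only, and uses constructed, hypothetical `@truffle/sample-*` package names and versions.

```javascript
// Added example; assumes the lockfileVersion 1 layout that npm 6 writes.
const fs = require("fs"), os = require("os"), path = require("path");

// Top-level installed packages as { name: version }, including @scope/name.
function installedPackages(modulesDir) {
  const found = {};
  if (!fs.existsSync(modulesDir)) return found;
  for (const entry of fs.readdirSync(modulesDir)) {
    if (entry.startsWith(".")) continue; // skip .bin and other dot entries
    const names = entry.startsWith("@")
      ? fs.readdirSync(path.join(modulesDir, entry)).map((n) => `${entry}/${n}`)
      : [entry];
    for (const name of names) {
      const manifest = path.join(modulesDir, name, "package.json");
      if (fs.existsSync(manifest))
        found[name] = JSON.parse(fs.readFileSync(manifest, "utf8")).version;
    }
  }
  return found;
}

// Compare the lock file's top-level entries with what is actually installed.
function lockDrift(projectDir) {
  const lockPath = path.join(projectDir, "package-lock.json");
  const locked = JSON.parse(fs.readFileSync(lockPath, "utf8")).dependencies || {};
  const installed = installedPackages(path.join(projectDir, "node_modules"));
  const drift = { missing: [], mismatched: [], extraneous: [] };
  for (const [name, meta] of Object.entries(locked)) {
    if (!(name in installed)) drift.missing.push(name);
    else if (installed[name] !== meta.version) drift.mismatched.push(name);
  }
  drift.extraneous = Object.keys(installed).filter((n) => !(n in locked));
  return drift;
}

// Constructed sample project: hypothetical @truffle/sample-* names and versions.
function buildSampleProject() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "lock-drift-"));
  const put = (rel, obj) => {
    const file = path.join(dir, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify(obj));
  };
  put("package-lock.json", { lockfileVersion: 1, dependencies: {
    "@truffle/sample-a": { version: "1.0.0" }, "@truffle/sample-b": { version: "2.0.0" } } });
  put("node_modules/@truffle/sample-a/package.json", { version: "1.0.1" });
  put("node_modules/d/package.json", { version: "1.0.1" });
  return dir;
}
```

Calling `lockDrift(process.cwd())` in a cloned repo reports packages that are locked but absent, installed at a different version, or installed without being in the lock file, such as the unexpected `d` in the sample.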