0

I am getting this when I am trying to push my code into github actions or building dockerimage.

 shell: /usr/bin/bash -e {0}
npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!

I tried to implement this Link it works but again after some commit I am getting the same error and I have to repeat the same procedure again and again.

Any fix for that?

Kevin Martin
  • 39
  • 1
  • 9

1 Answers1

-1

Look in your .gitignore if you have the lines :

package-lock.json

node_modules/

if not,then add them,

after that look in your Github repository and delete the package-lock.json file and the node_modules directory (if any)

Important Edit :

My bad, Kevin Martin is right the official documentation tell us to add it to the repository for CI/CD.

This file is intended to be committed into source repositories, and serves various purposes:

Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.

To facilitate greater visibility of tree changes through readable source control diffs.

And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

But for my case (Azure Devops) i had a lot of trouble with it.

Dadv
  • 324
  • 2
  • 17
  • 2
    I read somewhere that package-lock.json is not recommended to be put in .gitignore. – Kevin Martin Jun 28 '21 at 14:52
  • 1
    Sure it's better to let it in, but when your work with CI/CD often you got troubles with it. – Dadv Jun 30 '21 at 10:18
  • Yeah, that's the exact case I got when I am building a Docker Image. Is there any other option available apart from deleting package-lock.json? – Kevin Martin Jul 01 '21 at 03:39
  • 1
    Package-lock.json is auto generated on build, so you only need it for "simplicity" and "convenient".. if you didn't not use it in a special process, i think you can delete it with out any trouble. From my experiences, you got trouble also with it on Git multi user on same branch, personaly, i prefer recreate it each time to be sur to have the good version... – Dadv Jul 08 '21 at 12:03
  • Suppose If I delete package-lock.json then it may happen that a different version of the library may get released in the future and during testing it may again cause conflicting issues. Recently I was using node-sass in React in which I encountered the same problem. In npx CRA the sass dependency that is used there was version 4 but recently sass released version 6. Due to this, I face conflict issues. – Kevin Martin Jul 09 '21 at 05:21
  • 2
    Also it is mentioned in a post that we shouldn't delete package-lock.json. [Do I commit the package-lock.json file created by npm 5?](https://stackoverflow.com/questions/44206782/do-i-commit-the-package-lock-json-file-created-by-npm-5) – Kevin Martin Jul 09 '21 at 05:23
  • @Kevin Martin, i'm agree with that, but i suppose that this is for CI/CD, so all the dependencies are always re-download, re-install, the package-lock.json will not be very usefull in this context, i think. If a package version changed, your directives in the package.json should not allow to download a more recent version (except minor fix) – Dadv Jul 09 '21 at 08:19