[BUG] `npm ci` succeeds when `package-lock.json` doesn't match `package.json`

1 min read Original article ↗

Skip to content

Navigation Menu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Assignees

ruyadorno

Description

@icatalina

Current Behavior:

npm ci does not fail when package.json doesn't match package-lock.json

Expected Behavior:

npm ci refuses to install when the lock file is invalid.

Steps To Reproduce:

  1. Manually bump a major version of a dependency in package.json
  2. Run npm ci
  3. It should fail but performs the whole installation

npm@7

image

npm@6

image

Environment:

  • OS: Mac OS
  • Node: 14.15.3
  • npm: 7.5.4

Metadata

Metadata

Labels

Fields

No fields configured for issues without a type.

Development

No branches or pull requests

Issue actions