[BUG] `npm ci` succeeds when `package-lock.json` doesn't match `package.json`

2 min read Original article ↗

Skip to content

npm / cli Public

Notifications You must be signed in to change notification settings
Fork 4.1k
Star 9.5k

Closed

Assignees

Labels

Bugthing that needs fixing Priority 1high priority issue Release 7.xwork is associated with a specific npm 7 release

Description

opened

on Feb 15, 2021

Current Behavior:

npm ci does not fail when package.json doesn't match package-lock.json

Expected Behavior:

npm ci refuses to install when the lock file is invalid.

Steps To Reproduce:

Manually bump a major version of a dependency in package.json
Run npm ci
It should fail but performs the whole installation

npm@7

npm@6

Environment:

OS: Mac OS
Node: 14.15.3
npm: 7.5.4

Metadata

Metadata

Assignees

ruyadorno

Labels

Bugthing that needs fixing Priority 1high priority issue Release 7.xwork is associated with a specific npm 7 release

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions