[BUG] On v11.6.1 npm i or npm update generates different lock file contents on second runΒ #8725
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
When using npm v11.61 or v11.6.2. The second run of npm i generates a different lock file compared to the first npm i
Expected Behavior
npm i should generate the same lock file contents
Steps To Reproduce
See this mcve for the repro
- Run
git clone https://github.com/aalej/tools-issue-9295_npm.git, then cd into the directory - Run
rm -rf node_modules package-lock.json - Run
npm i - Run
npm ls picomatch- No issue raised
- Run
git add .thengit commit -m "checkpoint"(or runbash auto-commit.sh)- This is just to check the diff
- Run
npm iagain ornpm update - Run
git diff
$ git diff
diff --git a/package-lock.json b/package-lock.json
index 60bf11d..ff02a5f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8033,20 +8033,6 @@
}
}
},
- "node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
- "license": "MIT",
- "optional": true,
- "peer": true,
- "engines": {
- "node": ">=12"
- },
- "funding": {
- "url": "https://github.com/sponsors/jonschlinkert"
- }
- },
"node_modules/tmp": {
"version": "0.2.5",
"resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",Environment
- npm:
- Node.js: 22.21.1
- OS Name: macOS
- System Model Name: Sequioa 15.7.1
- npm config:
$ npm config ls
; node bin location = /usr/local/bin/node
; node version = v22.21.1
; npm local prefix = /Users/[REDACTED]/issues/9295-2
; npm version = 11.6.1
; cwd = /Users/[REDACTED]/issues/9295-2
; HOME = /Users/[REDACTED]
; Run `npm config ls -l` to show all defaults.