Wasting Time with npm5 and its package-lock.json File
I love the new npm5. It brings about speed, a new succinct install format, new commands, a new deterministic install setup, and a bunch of other goodies.
However, as it usually goes with new software, we occasionally end up with bugs and unlearned concepts which end up costing us time.
In my case, it was the mandatory introduction of package-lock.json. A file that indirectly impacts the command
package-lock.json ensures that when the user runs npm install they will get a deterministic tree of dependencies. This tree is determined by the author who first runs npm install and commits the package-lock.json to whatever source repository is being used.
Now, the error for me occurred when I upgraded to npm5 and was simultaneously experimenting with gulp4. Running npm install github:gulpjs/gulp#4.0 didn't work: the gulp dependencies weren't being installed, and for that reason I was getting errors about missing dependencies. After some time I came to the realization that package-lock.json was causing the issue, since it had been generated while I had gulp3.
So, the solution became quite apparent: simply generate a new package-lock.json file by removing the existing package-lock.json file and running npm install, or in bash terms:
$ rm package-lock.json && npm install
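
The stale-lock situation described above can be spotted before deleting anything. The following is an added example, not code from the original post: it compares package.json against a package-lock.json and lists declared dependencies whose lock entry is missing or pinned to a different source. The name findLockDrift, the sample manifests and the gulp 3.9.1 pin are constructed for illustration, and the `version`/`from` field layout is an assumption based on the lockfileVersion 1 format written by npm5.

```javascript
'use strict';

// Constructed sample: package.json after switching gulp to the 4.0 branch.
const SAMPLE_PKG = {
  dependencies: { lodash: '^4.17.4' },
  devDependencies: { gulp: 'github:gulpjs/gulp#4.0', del: '^3.0.0' }
};

// Constructed sample: a lock generated earlier, while gulp3 was installed.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.4', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz' },
    gulp: { version: '3.9.1', resolved: 'https://registry.npmjs.org/gulp/-/gulp-3.9.1.tgz' }
  }
};

// Matches specs that point at a git host instead of the registry,
// including the bare "user/repo#ref" GitHub shorthand.
const GIT_SPEC = /^(github:|gitlab:|bitbucket:|git\+|git:\/\/|[\w.-]+\/[\w.-]+(#.*)?$)/;

function isGitSpec(spec) {
  return typeof spec === 'string' && GIT_SPEC.test(spec);
}

// Returns one record per declared dependency that the lock cannot satisfy.
function findLockDrift(pkg, lock) {
  const declared = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const locked = lock.dependencies || {};
  const drift = [];
  for (const [name, spec] of Object.entries(declared)) {
    const entry = locked[name];
    if (!entry) {
      drift.push({ name, spec, reason: 'missing from lock' });
    } else if (isGitSpec(spec) && !isGitSpec(entry.version)) {
      drift.push({ name, spec, reason: `lock pins registry version ${entry.version}` });
    } else if (isGitSpec(spec) && entry.from && entry.from !== spec) {
      drift.push({ name, spec, reason: `lock was resolved from ${entry.from}` });
    } else if (!isGitSpec(spec) && isGitSpec(entry.version)) {
      drift.push({ name, spec, reason: `lock pins git source ${entry.version}` });
    }
  }
  return drift;
}

console.log(findLockDrift(SAMPLE_PKG, SAMPLE_LOCK));
```

Deleting the lock re-resolves every dependency, not only the stale one, so diff the regenerated package-lock.json before committing it.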