aws-codebuild-docker-images icon indicating copy to clipboard operation
aws-codebuild-docker-images copied to clipboard
verified publisher icon aws

Selecting earlier nodejs runtime version does not downgrade npm

Open peter-at-work opened this issue 2 weeks ago • 1 comments

Describe the bug

When an existing repo, developed with nodejs v20 (and npm v10), is npm-installed in CodeBuild via npm ci, an error is reported in CodeBuild:

`npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.

To Reproduce Steps to reproduce the behavior:

  1. Use CodeBuild aws/codebuild/standard:7.0 runner image
  2. Use runtime-versions of nodejs: 20 in the buildspec file
  3. Use a source repo that was created with nodejs v20 and npm v10, having a regular package-lock.json lockfile
  4. Use command npm ci in the buildspec
  5. The installed npm version (v11) fails in parsing/processing the package-lock.json lockfile

Expected behavior npm ci should not throw an error.

Platform (please complete the following information):

  • OS: Ubuntu; standard OS used in aws/codebuild/standard:7.0

Additional context There seems to be a breaking change from npm v10 to npm v11. A recent PR https://github.com/aws/aws-codebuild-docker-images/pull/792 to the CodeBuild Dockerfile updated the pre-installed version of npm from v10 to v11. In CodeBuild runner images, selection of the nodejs runtime uses the --preserve flag or N_PRESERVE_NPM env variable which will keep the pre-installed npm version when switching nodejs runtime versions.

Default nodejs v20 and v22 installations use npm v10 https://nodejs.org/en/download/archive/v20. Only nodejs v24 installations use npm v11 https://nodejs.org/en/download/archive/v24

In this case, nodejs runtime version is selected as v20, but the npm version remained at v11 which fails in processing the existing/unchanged package-lock.json lockfile.

Potential workarounds

  • In a nodejs v20 development environment, upgrade npm from v10 to v11. Regenerate the package-lock.json lockfile by doing an npm install. Lockfile will be updated, and commit the changes to source code repo
  • Add an n --no-preserve 20 in the buildspec commands so that npm will be downgraded to v10 before running the npm ci command

peter-at-work avatar Dec 03 '25 22:12 peter-at-work