Gar

This appears to have been working by accident before. The minified packument does not have `scripts` which likely means that any package that required a build step would not work...

It's added automatically by npm during publish because it detects no existing `install` script but it finds a `binding.gyp` file. You can see an old issue where folks had similar...

npm doesn't "own" package.json, it just is one of the primary consumers of it. There have always been fields that folks add to it that npm never looks at. Oftentimes...

Closing in favor of a much smaller footprint + link in https://github.com/npm/cli/pull/7783

If someone has a reproducible case for this please open a new issue w/ steps on how to reproduce. Adding comments to this issue is not going to help.

What happens if you temporarily remove the git dependencies?

We have identified the primary culprit here, it's an unbound cache that saves all packuments in Arborist. Because we now fetch full packuments for all situations, this is causing issues...

Yes, as I said. > Because we now fetch full packuments for all situations https://github.com/npm/cli/pull/7126 However it must be reiterated this was always a problem, it just didn't manifest as...

The warning is there to let folks know of the changes npm has always been making to the package.json during publish. The fact that it is surprising to folks is...

We'll want to update the docs on this. under the hood npm was always silently converting the string to the object form, meaning the packument didn't match the package.json. We're...