cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon npm

[BUG] `npm i` does not set `["packages"][""]["name"]` in package-lock.json when there is no name in package.json while `npm audit fix` sets that to project's directory name

Open sudo-barun opened this issue 1 year ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

This issue exists in the latest npm version

  • [X] I am using the latest npm

Current Behavior

npm i does not set ["packages"][""]["name"] in package-lock.json when there is no name in package.json while npm audit fix sets that to project's directory name

Expected Behavior

Both npm i and npm audit fix should behave in similar way i.e. both command should set ["packages"][""]["name"] in package-lock.json or not set at all.

Steps To Reproduce

  1. Create an empty directory foo
  2. Create package.json file with following content: 
    {}
  3. Run npm i. This gives package-lock.json as: 
    {
  "name": "foo",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {}
}
  4. Run npm audit fix. This changes package-lock.json to: 
    {
  "name": "foo",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "foo"
    }
  }
}

Environment

  • npm: 10.8.2
  • Node.js: v18.19.0
  • OS Name: Ubuntu 22.04.4
  • System Model Name: Inspiron 15 5510
  • npm config:
; "user" config from /home/user/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; node bin location = /home/user/.nvm/versions/node/v18.19.0/bin/node
; node version = v18.19.0
; npm local prefix = /storage-ext4/projects/node-project-example
; npm version = 10.8.2
; cwd = /storage-ext4/projects/node-project-example
; HOME = /home/user
; Run `npm config ls -l` to show all defaults.

sudo-barun avatar Aug 22 '24 10:08 sudo-barun

@sudo-barun Thanks for the detailed steps, its generally recommended to initialize a project using npm init -y to create a proper package.json with a name field. This avoids the inconsistency like the one you are encountering. You can try running npm inint -y and see the consistent behaviour across both npm i and npm audit fix.

kchindam-infy avatar Aug 23 '24 17:08 kchindam-infy

@kchindam-infy I usually don't use npm init as the content of the generated package.json is not what I prefer and I have to remove most part of it. I directly create package.json with {} as content and then continue installing packages.

sudo-barun avatar Aug 24 '24 17:08 sudo-barun

@sudo-barun most of that can be customized in ~/.npmrc, what in particular don't you want?

ljharb avatar Aug 24 '24 17:08 ljharb

@ljharb I just want { "type": "module" } in package.json.

sudo-barun avatar Aug 24 '24 18:08 sudo-barun

in a new project? O.o you need name and version, at least (also, you don't need type module for ESM at all, and should avoid it regardless)

ljharb avatar Aug 24 '24 23:08 ljharb

Closing If this is still a problem please feel free to reopen this issue, or create a new issue w/ steps to reproduce.

milaninfy avatar Aug 30 '24 20:08 milaninfy

@milaninfy Can you provide some info whether this bug has been fixed or not? The latest stable version of npm (10.8.3) does not seem to have fixed this.

sudo-barun avatar Aug 31 '24 13:08 sudo-barun