11

Our team just updated to npm@5. The package-lock.json was unified between Windows and Mac (certain dependencies are optional so they don't get installed on Windows, but they do on Mac) so that no matter the machine, we'd generate the same node_modules structure. That went fine, then each of the team members went through the following steps:

  1. rm -rf node_modules
  2. git pull
  3. npm install

This actually went perfectly for all team members except for one, who had a modified package-lock.json after the npm install. The one modified line was that it removed "requires": true.

So I saw:

```
{
  ...
  "version": "0.0.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
  ...
}
```

But he saw:

```
{
  ...
  "version": "0.0.1",
  "lockfileVersion": 1,
  "dependencies": {
  ...
}
```

Does anybody know why requires: true might be removed from the package-lock.json file on some machines but not others? Also, a little explanation of what this property does wouldn't hurt. :)

Thanks in advance!

atdrago
  • I have the same issue. I'm using `node 8.1.2` and `npm 5.0.4`. Looking at their documentation, there is no mention of any `requires`. I'm also curious what it does. Note that removing it does not seem to actually break anything (works on our CI and staging servers) – lkartono Jul 19 '17 at 03:29
  • Update: it seems that it is related to the npm version. I just updated to `npm 5.1.0` and the `requires: true` disappeared. However, all of my dependencies have a `requires` key now. I think the `requires: true` forces `package-lock.json` to list dependencies' dependencies in a nested way. – lkartono Jul 19 '17 at 03:37
  • See https://github.com/npm/npm/pull/19307 for a PR which moves the explanation from the spec file into the help page – Ben Creasy Jan 19 '18 at 01:19

1 Answer

6

As I suspected in my comments, the requires field has been added since 5.1.0. You can see the related pull request here https://github.com/npm/npm/pull/17508 (changelog visible here https://github.com/npm/npm/releases/tag/v5.1.0)

To quote what it says:

This has a handful of fixes:

  1. It introduces a new package-lock.json field, called requires, which tracks which modules a given module requires.
  2. .....

To avoid this kind of conflict, I advise you (and myself as well) to ensure all your teammates are using the same npm version.

UPDATE

After upgrading npm to version 5.1.0, I was having trouble with missing dependencies (working on an Angular 4 application). If anyone is experiencing the same issue, here is what I did to solve it:

```
rm -rf node_modules
npm prune
npm install
```

Hope it helps.

lkartono
  • Accepting as the answer, because we did all need to be on the same NPM version. We also found that having all dependencies listed as devDependencies was problematic because NPM had an issue resolving dependencies of devDependencies. Lastly, optional modules would get installed on some machines but not others. Once we got on the same version of NPM and fixed the dependencies, we now follow these steps to update modules: `rm -rf node_modules && npm install --no-optional` – atdrago Sep 11 '17 at 14:30
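
A check for the lockfile mismatch discussed in this thread, as an added example (not code from the posts or from npm): it compares the shape of a committed `package-lock.json` with the one left after `npm install`, so a CI job or pre-commit hook can flag a lockfile rewritten by a different npm. The sample lockfiles, package names and function names are constructed for illustration; the `requires` resolution check matches names only, not version ranges.

```javascript
// Constructed sample: lockfile as committed (top-level flag plus a "requires" map).
const committedLock = {
  version: '0.0.1', lockfileVersion: 1, requires: true,
  dependencies: {
    'app-lib-demo': { version: '1.0.0', requires: { 'helper-demo': '^2.0.0' } },
    'helper-demo': { version: '2.1.0' },
  },
};
// Constructed sample: the same tree as rewritten on one teammate's machine.
const teammateLock = {
  version: '0.0.1', lockfileVersion: 1,
  dependencies: {
    'app-lib-demo': { version: '1.0.0' },
    'helper-demo': { version: '2.1.0' },
  },
};

// Summarise the parts of a lockfile's shape that vary with the npm that wrote it.
function describeLock(lock) {
  const shape = { lockfileVersion: lock.lockfileVersion, topLevelRequires: lock.requires === true,
    entries: 0, entriesWithRequires: 0, unresolved: [] };
  // `visible`: package names resolvable from the parent level upward.
  const walk = (deps = {}, visible, path) => {
    const names = new Set([...visible, ...Object.keys(deps)]);
    for (const [name, entry] of Object.entries(deps)) {
      shape.entries += 1;
      const inner = new Set([...names, ...Object.keys(entry.dependencies || {})]);
      if (entry.requires && typeof entry.requires === 'object') {
        shape.entriesWithRequires += 1;
        for (const req of Object.keys(entry.requires)) {
          if (!inner.has(req)) shape.unresolved.push(`${path}${name} -> ${req}`);
        }
      }
      walk(entry.dependencies, names, `${path}${name}/`);
    }
  };
  walk(lock.dependencies, new Set(), '');
  return shape;
}

// Differences between two lockfiles' shapes; an empty array means they agree.
function lockShapeDrift(committed, local) {
  const a = describeLock(committed), b = describeLock(local), drift = [];
  if (a.lockfileVersion !== b.lockfileVersion) drift.push('lockfileVersion differs');
  if (a.topLevelRequires !== b.topLevelRequires) drift.push('top-level "requires" flag differs');
  if ((a.entriesWithRequires > 0) !== (b.entriesWithRequires > 0)) drift.push('per-dependency "requires" maps differ');
  return drift;
}
console.log(lockShapeDrift(committedLock, teammateLock));
```

In practice the two arguments would be the parsed output of `git show HEAD:package-lock.json` and the working-tree file after `npm install`.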