I'm using npm 5.6.0 and node v6.9.5 on OSX El Capitan 10.11.6.
Scenario: I have a nodejs project where a package-lock.json is created after every npm install as expected. The project, including the package-lock.json, is checked into a repository and afterwards cloned into a different location (same machine, same OS, same npm & node versions).
Problem: However, this time when starting npm install, the package-lock.json is different in terms of order of dependencies.
Background: Normally this wouldn't be a problem, but I need to calculate a checksum over all of the files in the git pre-commit hook to signal in the app that the project has not been changed when it is cloned from the repository, and I would like to include package-lock.json in that checksum.
Therefore:
working folder: -> npm install -> package-lock.json -> checksum -> ABCD1234 -> commit & push
cloned folder: clone -> npm install -> package-lock.json -> checksum -> 9876EFGH
and the only difference (using the FileMerge tool on OS X) is the different order of one single dependency in the package-lock.json file; every other file is exactly the same.
Shouldn't the two package-lock.json files be exactly the same? Or did I miss a specific npm concept that does not guarantee that?
Any help / hint is appreciated, thank you!
(Normally I would attach the package-lock.json as code; however, this file is too long, so I will provide a screenshot of the actual differences)
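
An added example, not part of the original post: one way to make the pre-commit checksum insensitive to dependency order is to hash a canonical form of package-lock.json (object keys sorted recursively) instead of the raw file bytes. It assumes the only difference between the two files is key order, as described above; the function names and the sample lockfiles are constructed for illustration.

```javascript
const crypto = require('crypto');

// Rebuild a parsed JSON value with object keys in sorted order.
// Arrays keep their order, because array order is significant in JSON.
function canonicalize(value) {
  if (Array.isArray(value)) return value.map(canonicalize);
  if (value !== null && typeof value === 'object') {
    // Null prototype so that a "__proto__" key stays ordinary data.
    const sorted = Object.create(null);
    for (const key of Object.keys(value).sort()) {
      sorted[key] = canonicalize(value[key]);
    }
    return sorted;
  }
  return value;
}

// SHA-256 over the canonical serialization: stable under key reordering
// and whitespace changes, but still sensitive to any changed value.
function lockfileChecksum(lockfileText) {
  const canonical = JSON.stringify(canonicalize(JSON.parse(lockfileText)));
  return crypto.createHash('sha256').update(canonical, 'utf8').digest('hex');
}

// Plain hash of the file bytes, as a naive pre-commit hook would compute it.
function rawChecksum(text) {
  return crypto.createHash('sha256').update(text, 'utf8').digest('hex');
}

// Constructed sample lockfiles (not real npm output): same content,
// with the two dependencies written in a different order.
const WORKING = JSON.stringify({
  name: 'demo', lockfileVersion: 1,
  dependencies: { 'left-pad': { version: '1.3.0' }, ms: { version: '2.0.0' } },
}, null, 2);
const CLONED = JSON.stringify({
  name: 'demo', lockfileVersion: 1,
  dependencies: { ms: { version: '2.0.0' }, 'left-pad': { version: '1.3.0' } },
}, null, 2);
// Constructed variant in which one pinned version really differs.
const CHANGED = CLONED.replace('2.0.0', '2.0.1');

console.log('raw bytes equal:     ', rawChecksum(WORKING) === rawChecksum(CLONED));
console.log('canonical equal:     ', lockfileChecksum(WORKING) === lockfileChecksum(CLONED));
console.log('real change detected:', lockfileChecksum(WORKING) !== lockfileChecksum(CHANGED));
```
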