11

Bumped the patch version in a package.json (manually, edited file). Noted that the lock file had the old version, so I did an npm install to update it. When I did that the lockfileVersion field went from 2 to 1. This seems odd. The docs about lockfileVersion:

An integer version, starting at 1 with the version number of this document whose semantics were used when generating this package-lock.json.

Well that didn't help. So is this change in values of the version a concern? It seems like an odd change, for it to decrease like that. Should I not update the lockfile when I bump the version?

Node v12.16.1, NPM 6.14.10

jcollum
  • 2
    *"Bumped the patch version"* - how? `npm version patch` *does* update the lockfile too, doesn't it? – jonrsharpe Jan 07 '21 at 19:59
  • ah, no I did it manually by editing, I was in the package.json file for something else and just bumped that version while I was there; I'll try with `patch` and see what happens – jcollum Jan 07 '21 at 21:15
  • interesting: I used `npm version patch` and the `lockfileVersion` stayed at 2 – jcollum Jan 07 '21 at 21:22

2 Answers

13

https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json#lockfileversion

lockfileversion 2 is NPM 7. So one person on my team was using NPM 7 while I was still on 6 (lockfileversion 1).

jcollum
  • did this cause any issues between your team? We just built a new machine and did npm i after cloning the repo and we noticed the lock file changed to version 2 and looked completely different. We pushed that update to the repo. It says it's backwards compatible, so I guess it shouldn't be an issue for devs with older versions, but I'm just wondering if the behavior is different in terms of resolving from the lock file and not package.json – MattoMK Feb 25 '22 at 02:31
  • 1
    Nah I think I'm the only person that even noticed it. But I recommend restricting your node version and getting an agreement about it. – jcollum Feb 25 '22 at 16:14
7

It's probably just because you used an older npm version than the one that was used the last time the package-lock.json file was changed. Update your npm executable and it should use a greater or equal lockfileVersion now.

jpmelanson
  • 1
    Yeah it appears that `npm` was at 7.0 at that time but 6.x was still being updated. One person on my team must have been on 7 and I was on 6. – jcollum Nov 17 '21 at 19:27
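
The mismatch both answers describe can be caught before it reaches a commit. The following is an added example, not part of the original thread: it maps the running npm's major version to the lock file format it writes by default (1 for npm 5-6, 2 for npm 7-8, 3 for npm 9+, per the npm package-lock.json docs) and compares that with the committed `lockfileVersion`. The function names, status strings and sample input are assumptions made for illustration.

```javascript
// Added example (not from the original thread). Default lock file format per
// npm major, per the npm package-lock.json docs: 5-6 -> 1, 7-8 -> 2, 9+ -> 3.
function defaultLockfileVersion(npmVersion) {
  const major = Number.parseInt(String(npmVersion).split('.')[0], 10);
  if (!Number.isInteger(major) || major < 5) {
    throw new Error(`cannot map npm version "${npmVersion}" to a lockfileVersion`);
  }
  return major <= 6 ? 1 : major <= 8 ? 2 : 3;
}

// npm exports npm_config_user_agent to the scripts it runs, for example
// "npm/6.14.10 node/v12.16.1 linux x64". Returns "6.14.10" or null.
function npmVersionFromUserAgent(userAgent) {
  const match = /(?:^|\s)npm\/(\d+\.\d+\.\d+)/.exec(userAgent || '');
  return match ? match[1] : null;
}

// Compare the committed lock file with the npm that is about to install.
function checkLockfile(lockText, npmVersion) {
  const committed = JSON.parse(lockText).lockfileVersion;
  if (!Number.isInteger(committed)) {
    throw new Error('package-lock.json has no integer lockfileVersion');
  }
  const expected = defaultLockfileVersion(npmVersion);
  const status = expected === committed ? 'match'
    : expected < committed ? 'npm-older-than-lockfile'
    : 'npm-newer-than-lockfile';
  return { committed, expected, status };
}

// Constructed sample: a lock file written by npm 7, checked from npm 6.14.10
// (the versions named in the question).
const sampleLock = JSON.stringify({ name: 'demo', version: '1.0.1', lockfileVersion: 2 });
const sampleAgent = 'npm/6.14.10 node/v12.16.1 linux x64';
console.log(checkLockfile(sampleLock, npmVersionFromUserAgent(sampleAgent)));

// CI entry point (hypothetical usage): marks the process as failed on a mismatch.
async function checkFile(path, userAgent) {
  const { readFile } = await import('node:fs/promises');
  const version = npmVersionFromUserAgent(userAgent);
  if (!version) throw new Error('not running under npm; cannot detect its version');
  const result = checkLockfile(await readFile(path, 'utf8'), version);
  if (result.status !== 'match') process.exitCode = 1;
  return result;
}
```

Called from an npm script as `checkFile('package-lock.json', process.env.npm_config_user_agent)`, a status other than `match` means someone is installing with an npm major different from the one that wrote the lock file.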