In the given scenario, new Dev A has a new version of npm (8.3). He does a clone of the repo and npm says the package.lock file needs to be upgraded from lockFile version format 1 to version 2. Then he checks that in. So now the repo has a lock file with format version 2 and other devs pull that down.

Time goes by with no problems. Then Dev B, who's on version 6.13, installs a package. Is it normal that the lock file will change back to version one FROM version 2? In other words, each time a dev with a different version of npm that employs a different format, upgrades or installs a package, is it normal that it changes the lockfileVersion format over and over depending on their npm version and its format? Or should it stay with lockFileVersion 2?

Trying to identify what happened recently with our packages, and I'm looking to exclude this as a possible issue.

From what I read, lockfileVersion 2 is supposed to be backwards compatible. But is it supposed to change back and forth like that? I wouldn't think so, because how can someone with version 2 (Dev A) use version 1 if it was required to upgrade to version 2 in the first place?

So am I correct that once it's on version 2 it should stay that way? And if so, what would cause it to go back to version 1?

Thanks

torek
MattoMK
  • Why aren't you using a consistent Node/NPM version within the team? – jonrsharpe Mar 25 '22 at 17:19
  • That's a great question. And the answer is, we're all new to modern web tooling and we haven't had any problems until now so.. learning pains I guess. – MattoMK Mar 25 '22 at 17:20

1 Answer

No, it's not normal for developers to keep flipping versions like that, but it's fairly common for it to occur. We also had this happen specifically with package-lock.json so we told everyone to upgrade, and we made sure to upgrade all of our build agents. Similarly, in Visual Studio solutions some developers occasionally changed the version of VS back and forth from 2017 to 2019 a few times before we told everyone to just upgrade to 2019.

Generally it's best to avoid it if possible.

TTT
  • Yeah, so I'm still not certain how it happened. But we had him upgrade to npm v8 and then run npm install and he got the message to update the lock format version. Then we upgraded the version of Node on our build server. He pushed and that allowed us to fix our problems. I'm using VSCode and he's using VS 2019. So I've learned that everyone should be on a similar version of npm. Thanks – MattoMK Mar 26 '22 at 17:50
  • Regarding how it happened, (I think) npm 6 can *only* write version 1 to the file, and will do so anytime you use npm install from version 6. Npm 7-8 will write version 2, and it is backwards compatible in the sense that npm 6 or lower can *read* it, but lower versions will still change it back to 1 when they write the file. – TTT Mar 26 '22 at 18:23
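
A CI or pre-commit guard for the flip described in the last comment, as an added example that is not part of the original thread: it compares the lock file on the target branch with the proposed one and flags a lockfileVersion downgrade, so a silent rewrite of every pinned entry gets reviewed instead of merged. `PINNED_FORMAT`, the function names and the sample lock files are assumptions constructed for illustration; the npm 9+ mapping comes from npm's documentation, not from this page.

```javascript
// Added example, not from the thread. PINNED_FORMAT is an assumed team policy.
const PINNED_FORMAT = 2;

// lockfileVersion each npm major writes: 1 for npm 6 and 2 for npm 7-8 as
// stated in the thread; 3 for npm 9+ is taken from npm's docs, not the thread.
function formatWrittenBy(npmVersion) {
  const major = Number.parseInt(String(npmVersion).split('.')[0], 10);
  if (Number.isNaN(major)) throw new Error(`unparseable npm version: ${npmVersion}`);
  if (major <= 6) return 1;
  return major <= 8 ? 2 : 3;
}

// Extract the fields the checks need; a file with no version field counts as 0.
function readFormat(lockText) {
  const lock = JSON.parse(lockText);
  const version = Number.isInteger(lock.lockfileVersion) ? lock.lockfileVersion : 0;
  const hasPackages = typeof lock.packages === 'object' && lock.packages !== null;
  return { version, hasPackages };
}

// Compare the lock file on the target branch (base) with the proposed one (head).
function checkLockfileChange(baseText, headText, pinned = PINNED_FORMAT) {
  const base = readFormat(baseText);
  const head = readFormat(headText);
  const findings = [];
  if (head.version < base.version) {
    findings.push(`downgrade: lockfileVersion ${base.version} -> ${head.version}`);
  }
  if (head.version !== pinned) {
    findings.push(`policy: expected lockfileVersion ${pinned}, found ${head.version}`);
  }
  if (head.version >= 2 && !head.hasPackages) {
    findings.push('inconsistent: format 2+ declared but "packages" section is missing');
  }
  return findings;
}

// Would this developer's npm rewrite the file in another format on install?
function npmWouldRewrite(npmVersion, pinned = PINNED_FORMAT) {
  return formatWrittenBy(npmVersion) !== pinned;
}

// Constructed sample lock files, trimmed to the fields the checks read.
const SAMPLE_V2 = JSON.stringify({ name: 'demo', lockfileVersion: 2, requires: true,
  packages: { '': { name: 'demo' } }, dependencies: {} });
const SAMPLE_V1 = JSON.stringify({ name: 'demo', lockfileVersion: 1, requires: true,
  dependencies: {} });

console.log(checkLockfileChange(SAMPLE_V2, SAMPLE_V1)); // Dev B's npm 6 rewrite
console.log(npmWouldRewrite('6.13.0'), npmWouldRewrite('8.3.0'));
```

In a pipeline, `baseText` would be the output of `git show <base>:package-lock.json` and `headText` the working-tree file, with a non-empty findings list failing the job.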