NPM installing package removes another - react-native

When I install a package with npm install for my react-native project, it automatically removes another. How can I stop this from happening?

The problem is that you've added a git dep, possibly using a branch identifier like: git+https://..../you/your_project.git#your_branch but after resolution it's saved in package-lock.json not as #your_branch but as #sha_for_latest_commit_to_your_branch. When npm tries to resolve this difference it gets confused and removes what you've got currently.
You can get around the npm bug, while we wait for a fix to land, by copying that sha from package-lock.json into your package.json. You'll need to change the sha in package.json any time the dep gets more commit(s) pushed that you want in your project....
This would be annoying if you wanted it to automatically pick up changes to a frequently changing git dependency, but at least it would stop the uninstall behavior. by Adam Tuttle ... can't see more in this link https://github.com/npm/npm/issues/17379

Related

Yarn lock file resource source changed from registry.yarnpkg.com to registry.npmjs.org

I recently npm installed a package into my Ruby on Rails application. The installation changed my yarn.lock file. Specifically, the "resolved" field for all my resources has changed from yarnpkg.com to npmjs.org.
From this:
d3-dsv@1:
  version "..."
  resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-1.0.8.tgz#..."
  integrity ...
To this:
"d3-dsv@1":
  "integrity" "..."
  "resolved" "https://registry.npmjs.org/d3-dsv/-/d3-dsv-1.1.1.tgz"
  "version" "..."
Is there a problem with these changes in this yarn.lock file? Should I have done some yarn alternate to npm installing?
You can fix this issue by re-running yarn again.
To accomplish this, follow the steps below.
1. Remove the registry.npmjs.org section in your yarn.lock file.
2. Run the yarn command again.
$ yarn
This should rewrite the yarn.lock to change the registry from npm to Yarn.
The steps above should rewrite the yarn.lock file, and change the registry and text from npm to Yarn.
If you are using only public packages in your application then this will not cause many problems. You can go about your business as it is. Although there might be some complications when you authenticate for any of them at any point.
If you are using any private repositories, you have to re-register your packages with yarn and add credentials to them.
The following steps will help you.
1. Set up a private repo on npmjs.org and add a scope and your package (let's name it boo).
2. Create a new project locally and upload it to the npm registry (let's call it blimp).
3. So when they are updated it will be @boo/blimp.
4. Add the package to your new application's package.json by installing yarn add @boo/blimp
5. Remove the node_modules (rm -rf node_modules).
6. Try yarn install. If there is an error in the lock file, try re-creating one as follows:
sed -ie 's,registry.yarnpkg.com/@boo,registry.npmjs.org/@boo,' yarn.lock
7. If that emits an issue like Request failed or something in that alley, try the following:
yarn config set registry https://registry.npmjs.org
At this point, you have tried lots of options. If this is still an issue in your system then you might have to move to `npm` package management. Follow the yarn repository for more updates.
Similar issues
yarn.lock should not include base registry
Support protocol-relative registry
Support for registry URLs without trailing slash
I suspect this happened to me because I installed something with npm install instead of yarn. I recognized my mistake, npm uninstalled the package, then yarn added the package, but then every entry in yarn.lock was changed to use npmjs.org instead of yarnpkg.com.
I did not commit the changes to source control, and the problem disappeared after I...
Deleted package-lock.json
Reverted the change to package.json in source control (i.e. removed the new package)
Reverted all changes to yarn.lock in source control
yarn added the package again
I am unsure if using npm install followed by yarn add is really what triggered the problem. Can anyone confirm?
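
A way to see the registry drift discussed in this thread before committing a lock file, as an added example that is not part of any post above: it parses yarn.lock (v1 format) text and lists the entries whose resolved host is outside an allowed set. The sample lock text, the allowed-host list and the function names are constructed for illustration.

```javascript
'use strict';

// Constructed sample lockfile: one entry per registry, as in the question above.
const SAMPLE_LOCK = `# yarn lockfile v1

d3-dsv@1:
  version "1.0.8"
  resolved "https://registry.yarnpkg.com/d3-dsv/-/d3-dsv-1.0.8.tgz#constructed"
  integrity sha512-constructed

"@boo/blimp@^1.0.0":
  "version" "1.0.0"
  "resolved" "https://registry.npmjs.org/@boo/blimp/-/blimp-1.0.0.tgz"
`;

// Parse yarn.lock v1 text into [{ name, host }]. An entry header is an
// unindented line ending in ':'; its URL is on the indented `resolved` line.
function resolvedHosts(lockText) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue; // blank line or comment
    if (!/^\s/.test(line) && line.endsWith(':')) {
      current = line.slice(0, -1).replace(/"/g, '');
      continue;
    }
    // Accept both `resolved "url"` and the quoted-key form shown in the question.
    const m = line.match(/^\s+"?resolved"?\s+"([^"]+)"/);
    if (m && current) entries.push({ name: current, host: new URL(m[1]).host });
  }
  return entries;
}

// Group entries by registry host and collect those outside the allowed set.
function registryDrift(lockText, allowedHosts) {
  const byHost = {};
  const unexpected = [];
  for (const { name, host } of resolvedHosts(lockText)) {
    (byHost[host] = byHost[host] || []).push(name);
    if (!allowedHosts.includes(host)) unexpected.push(name);
  }
  return { byHost, unexpected };
}

console.log(registryDrift(SAMPLE_LOCK, ['registry.yarnpkg.com']));
```

Run over the real yarn.lock in a pre-commit hook or CI step, a non-empty `unexpected` list means another tool or registry setting rewrote entries in the lock file.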

NPM install removes/modifies empty keys from package.json (e.g., dependencies)

I think NPM released an update a few months ago that now causes the package.json to be modified when install script is run. I have several package.json files (one for each app under a collection of web apps). I depend on keys devDependencies and dependencies to automatically collect packages. I would like to keep them even if they are empty (e.g., dependencies: {}). But npm install removes them when they are empty. Any ideas on how to prevent that?
Edit:
A workaround for now is to add a check in my Gulp scripts to make sure those keys exist. If they don't, I handle the process accordingly. But my original question stands. I hope NPM will add an option for this in a future release.

NPM uninstalled package details still exist in package-lock.json - should I remove them?

npm uninstall react-dates --save
still leaves a lot of traces in package-lock.json - airbnb-prop-types for e.g. How do I remove them? Additionally, if it is the case that it is some other package which uses them, how do I find out which one it is?

How does npm error affect old git commits?

In my create-react-app project I've installed many node packages via npm. Every time, I've used npm install --save to update package.json and package-lock.json and then committed the changes to git.
Recently, something caused a previously-working npm module to fail. Since I couldn't find the cause, I tried removing and reinstalling all dependencies like this:
rm -rf node_modules/
npm install
However, the same module still fails, even when I switch back to older commits and repeat the commands above!
Since the problem can't be in the committed code itself (which is running fine on another machine), the problem must be somewhere else such as in the create-react-app development server or the /node_modules.
How can I reset my work to a working state, given that everything is in git and was working before?
UPDATE:
My answer below turned out to be only partly right. npm did install a newer version of the package, but that was not actually the problem after all. The true fix was realising that my data (from my database) was corrupt, so returning to prior "working version" made no difference until I fixed my data!
UPDATE: As mentioned in the updated question, this answer did not actually solve my problem after all. Messing around with the npm modules did fix something, but it soon started failing again, so the fix was incomplete.
UPDATE 2: There was also a problem in the data I was passing from my database to the module! That data is not stored in git, so fiddling with npm modules and git had no power.
It seems that the problem was in the npm versioning! Since my package.json listed somepackage@^6.0.0, running npm install fetched the latest version (which had the bug).
Hence, my old working commits that referenced somepackage@^6.0.0 still actually installed the new faulty version when re-installed from scratch.
The solution was to edit package.json and change somepackage@^6.0.0 to somepackage@6.0.0 (exact match without ^).

packages.json: suppress looking for new versions

Is there any way we can suppress not to look for new versions during npm install? I know we can remove it from packages.json but doing the same thing in every dependent package can quite become a challenge. The current problem I have is our company doesn't allow us to pull from public domain unless they are accepted and added to our private repository. Every time we add all the packages and after a couple of days if we run npm install it will fail since a new minor or major version is released and we don't have it in our repository.
UPDATE: Just recently npm released the npm ci command especially for such purposes. It strictly follows the package-lock.json file.
I think starting with npm5 you have a lock file which solves that problem. In addition you could try the npm shrinkwrap command, which is a bit older approach. It creates the shrinkwrap.json file with exact versions of packages, and next time npm will use only these versions.
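
As an added example (not from any of the posts above), a check that lists the direct dependencies in a package.json that can change between installs: `^`/`~` ranges, as in the somepackage answer, and git dependencies that name a branch instead of a full commit sha, as in the first answer. The manifest, its names and URLs, the commit id and the function names are constructed; only direct dependencies are covered, while the lock file and `npm ci` mentioned above pin the transitive ones.

```javascript
'use strict';

// Constructed manifest; package names, URLs and the commit id are placeholders.
const SAMPLE_PKG = {
  dependencies: {
    somepackage: '^6.0.0',
    exactpkg: '6.0.0',
    'branch-dep': 'git+https://git.example/you/your_project.git#your_branch',
    'sha-dep': 'git+https://git.example/you/your_project.git#0123456789abcdef0123456789abcdef01234567',
  },
  // devDependencies is deliberately missing, as npm may drop empty keys.
};

// Classify one dependency spec string from package.json.
function classifySpec(spec) {
  if (/^(file|link|workspace):/.test(spec)) return 'local';
  if (/^(git[+:]|github:)/.test(spec) || /^https?:\/\/.*\.git(#|$)/.test(spec)) {
    const ref = spec.includes('#') ? spec.split('#').pop() : '';
    // Only a full 40-hex commit id is treated as pinned; branches, tags and
    // short ids can point at different code later.
    return /^[0-9a-f]{40}$/i.test(ref) ? 'git-commit' : 'git-floating';
  }
  // Exact semver: no operators, wildcards or dist-tags.
  if (/^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec)) return 'exact';
  return 'range';
}

// Return every direct dependency whose spec can resolve differently over time.
function floatingDeps(pkg) {
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind === 'range' || kind === 'git-floating') out.push({ field, name, spec, kind });
    }
  }
  return out;
}

console.log(floatingDeps(SAMPLE_PKG));
```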