We Keep Coding

npm ci can only install packages with an existing package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1

This is the issue that I am facing when running the command npm ci to install dependencies in my GitHub Action file.
I am working on an expo managed app and using GitHub Actions as a CI for triggering builds whenever I push my code to developmemt branch.
Here's my build script:
name: EAS PIPELINE
on:
push:
branches:
- development
workflow_dispatch:
jobs:
build:
name: Install and build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout#v2
with:
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node#v1
with:
node-version: 14.x
- name: Setup Expo
uses: expo/expo-github-action#v6
with:
expo-version: 4.x
token: ${{ secrets.EXPO_TOKEN }}
expo-cache: true
- name: Install dependencies
run: npm ci
- name: Build on EAS
run: EAS_BUILD_AUTOCOMMIT=${{1}} npx eas-cli build --platform all --non-interactive
Here's the issue that I am facing Install dependencies step.
Run npm ci
npm ci
shell: /usr/bin/bash -e {0}
env:
EXPO_TOKEN: ***
npm ERR! cipm can only install packages with an existing package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1. Run an install with npm#5 or later to generate it, then try again.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2021-10-28T15_16_06_934Z-debug.log
Error: Process completed with exit code 1.

After a lot of research, I was able to figure out that this happens when you are not using npm install for installing dependencies. In my case, I was only using yarn for the dependencies so I was only having yarn.lock file and no package-lock.json file.
One way to resolve this was using npm install to install the dependencies, then you'll have a package-lock.json file and CI won't throw any error.
And the other way if you only want to use yarn, then you need to update that step in your eas-pipeline.yml file for installing the dependencies.
*****************************************************************************************
- name: Install dependencies
run: |
if [ -e yarn.lock ]; then
yarn install --frozen-lockfile
elif [ -e package-lock.json ]; then
npm ci
else
npm i
fi
***************************************************************************************
As I wasn't able to find any solution on StackOverflow and it is our first go-to place to look for any issue. So, I decided to write this answer here.
Here's the original answer: https://github.com/facebook/docusaurus/issues/2846#issuecomment-691706184

I had a similar error.
`npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
with bunch of missing dependency name following this error.
I would run npm ci locally and it would run successfully. However, it would give me the error above when npm ci is run in the CI pipeline and in my case it was because of the version difference of the Node.js installed in the environment that Jenkins pipeline is running in.
My local Node version was 16.x and in Jenkins container it was 12.x.
Upgrading it fixed.

Old post, but I found this while searching for this same error. In my case I did have a package-lock.json file in my root directory. However, when opening it, I realized that there was a JSON syntax error that slipped in during a previous merge conflict. After running npm i again the file was fixed. The npm ERR! The 'npm ci' command can only install with an existing package-lock.json wasn't a super helpful error in that case.

This same thing happened to me, and I couldn't figure it out for the longest time. It turns out that I had legacy-peer-deps=true set globally, and I had no idea.
This caused my npm install command to alter the package-lock.json in a way that broke the build on our CI server. I reset package-lock.json with the version from master, removed that npm config, and reinstalled. Everything worked fine after that.

For the people who has this issue on AWS Amplify. You might have to run npm install and commit the package-lock.json file, then deploy again.

If you're using pnpm, you install node dependencies via this step:
- name: Install Node.js dependencies
run: |
npm i -g pnpm
pnpm i

After battling with this issue for about 2 days, It's finally deploying successfully to Firebase Functions after deleting package-lock.json from both the src and src/functions folders.

This occurred because the package lock file was not generated with npm, despite the fact that the npm ci requires npm to install the packages.
And because npm requires package-lock.json, we get this error. To fix this error for GitHub actions, this what I did:
- run: yarn install --frozen-lockfile
- run: yarn lint
- run: yarn test:ci
Commit diff:

deleting deploy.json helped me, since the token is updated when overwritten
rm ~/.config/configstore/#vkontakte/vk-miniapps-deploy.json
but I have other services

This happens sometimes because of the version difference of the Node.js installed in the environment that the pipeline is running in.
To fixe this, I ran:
$ firebase init hosting:github
then type Y to set up workflow when asked to.
finally, add "npm i" as one of the scripts to run before deploying like this:
npm i && npm ci && npm run build

I was using npm package manager and migrated to yarn package manager removing package-lock.json file.
I had this configuration in my .circleci/config.yml file
- node/install-packages
changed to
- node/install-packages:
pkg-manager: yarn

In my case the problem were some 'extraneous' packages, concretely local path dependencies. After removing them from package.json the problem was solved.
I got the error message while running npm install instead of npm ci.

On package.json I change this :
"overrides": {
"trim-newlines": "^3.0.1"
},
to : `
"overrides": {
"trim-newlines": "^1.0.0"
}
`
That Work for me successfully.

I had a similar problem deploying to heroku. I simply deleted the existing package-lock.json file and then ran
npm install
Merging the new lock file fixed the deploy.

In my case, I had this error with npm ci while using Yarn. I eventually figured out the version of Node I was using wasn't supported.
I did the following:
node -v to confirm my node version (18.0.1)
nvm use 16.13.0
Delete the node_modules directory
Delete yarn.lock
Run yarn
Run yard add + package names
After this, the error no longer occurred and the app deployed correctly.

Patching a NPM package locally with patch-package, not working

I'm working on a vue.js frontend, and I need to patch a package to fit the special needs of the app. The package I'm trying to patch is 'vue-youtube' (not that it really matters). I'm trying to patch it with patch-package (https://www.npmjs.com/package/patch-package)
So basically :
I edited locally the /node_modules/vue-youtube/src/vue-youtube.js to fit my needs
I did add the postinstall script in my package.json : "scripts": { "postinstall": "patch-package" }
I did npm install patch-package --save-dev
Then I ran npx patch-package vue-youtube
It did create a vue-youtube+1.4.0.patch file in a /patches folder with my modifications
BUT, my modifications are not seen. When I do npm run serve and launch my webapp, the package used is still the one not edited. I tried running npm install before, without success. When I go to the /node_modules/vue-youtube/dist/vue-youtube.js (thankfully it is a small package so it is readable), I can see that indeed my modifications have not been "compiled".
What am I missing here ? I feel like I have followed eveything in the patch-package npm page..
Thanks
EDIT : Still investigating.. few more informations/questions :
my patch name is patches/vue-youtube+1.4.0.patch
when i run npm ls vue-youtube it returns just one element : vue-youtube#1.4.0
in my package.json the dependency listed is "vue-youtube": "^1.4.0", should it be different ? should it mention that it needs to be patched ?
EDIT 2 : I realized that I am not editing the node_modules/vue-youtube/dist/vue-youtube.js, but the node_modules/vue-youtube/src/vue-youtube.
If you edit the files in the dist folder, the patch works. (however I thought patch-package would allow me to edit the files in the src folder, in readable JS...)

WORKING SOLUTION :
If you edit the files directly in the dist/ folder of the package instead of the src/ folder, the patch works fine.

Adding below npm script in package.json after patching worked for me.
scripts: {
"prepare": "patch-package",
}
The lines from yarn documentation explains about prepare
For compatibility reasons, scripts called install, postinstall, prepublish, and prepare will all be called after your package has finished installing.
After adding this script in package.json, the changes of module file in patches folder has been patched into respective node module.

I was trying to do the exact same thing with some package, let's call it "some_package". When I saw the EDIT 2 my mind just connected the dots...
To test changes locally
Modify the files in node_modules/some_package/src folder and then, go to the node_modules/some_package and run:
$ npm install
$ npm run <name of the script that generates the dist folder>
No need to run npx patch-package nor postinstall step.
I think that this approach doesn't work for all packages, it depends on how the modified package's package.json is configured. Specifically, pay attention where the browser field is pointing (in my case ./dist/some_package.js).
CAVEAT: You will have to run npm install and npm run every time you make an update to the package.
To test changes and be able to share it among team members (when the package is on Github)
Make a fork of the package you want to modify.
Make all the changes you want to your forked version of the package.
Run the following to automatically update the package.json file to make the dependency point to your forked version:
$ npm install <github's user name>/<package's name of the forked repository>#<branch name> --save-prod
For instance, if your Github's user name is "johndoe", and you forked https://github.com/aurelia/framework, and you made a branch named "mycoolbranch" containing your changes, then it would be:
$ npm install johndoe/aurelia-framework#mycoolbranch --save-prod
Note that the --save-prod flag could be replaced with --save-dev if the dependency is just for development.

Take a look at this answer, it may help.
https://stackoverflow.com/a/71153240/9981565
For me it was happening because of version mismatch between package.json intended version of package and yarn.lock / package-lock.json

Bamboo build fails because webpack donesn't find node_modules

I have configured my project on angular 1.7 with webpack. In local when I run the task npm run build (launchin webpack) everything goes correctly.
But I have a plan for my CI bamboo and when a run the NPM task with npm run build I got a message, which said:
Error: Cannot find module './yargs'
I have the intuition that webpack is not able to reach the node_modules or is not in current directory.
But node_modules is installed and yargs is there after making the npm install task before.
if I run a script before the npm run build with just "ls -l" command I get:
node_modules
package-lock.json
package.json
src
webpack.config.js
So the folder is there.
Any idea where I can take a look?

I found the solution for the issue. In the Source code checkout configuration the "Force clean build" has been checked and now the build succed.
I'm not sure why, but there must have been a conflict with a previous node_modules.

The spelling of the file that you're referring is case-sensitive when building via bamboo
building locally wouldn't give you any error nor warnings in the console.
I encountered this issue with a local file (not a node_module)... Hoping this would help someone in the future;

You cannot publish over the previously published versions

I've updated my package using npm version minor to go from 0.4.0 to 0.5.0, and both package.json and package-lock.json reflect this. However when I run the npm publish command it says:
You cannot publish over the previously published versions: 0.4.0
Is there another place I need to update the semver in order to publish?

This helped me:
Open Command Prompt and do the following steps.
npm version <new_Version_No>
npm publish

In your package.json, there might exist a publish script command with content of npm publish ..., remove or rename the publish command in your scripts of package.json if there is one.
Take the following code for example, this scripts.publish command will again be triggered by npm publish --access public, running recursively.
"scripts": {
"publish": "npm publish --access public" // this was being triggered by running `npm publish`
},

take a look at your package.json.
Is the version actually set to 0.5.0?
If not consider setting it manually there. NPM is telling you that you already have a version 0.4.0 and it cannot publish it again. So it seems to think that it's still on 0.4.0.

npm version [patch|minor|major|<version_no>] should be done to bump up the version and then
npm publish for public visibility add --access public
This should do it.

It happens when there is already npm module with same version.
We need to increment the npm module version and publish it again.

For some reason I was getting this error when I was trying to increase my version from 0.0.0 to 0.0.1. However, updating from 0.0.0 to 0.1.0 worked just fine.

You can try the following:
Update npm version to latest.
cd into the parent folder (of the folder containing package.json i.e. cd into A if your files are A/B/package.json) and then run the command npm publish B.
Doing both fixed the issue for me.

Cache npm install Task in VSTS

I have configured a private agent in VSTS and have installed NPM there globally. When I'm trying to install NPM through my build task, it is still installing NPM packages for every build which is taking an aweful lot of time- approximately 12 minutes.
How can I cache the NPM installations so that the build time is reduced?

We use npm-cache, npm-cache is a node module that will calculate a hash of your package.json file for every hash it will create zip folder on your build server with the content of node_modules, now npm install is reduced to extracting a zip on every build (of course only in case you didn’t actually change package.json).
The idea is: in the first time the tool download the npm packages and save them locally, in the second time if the package.json not changed he takes the packages from the local disk and copy them to the build agent folder, only if the package.json changed he downloads the packages from the internet.
Install the npm-cache on the build machine:
npm install npm-cache -g
In the build definition add Command Line task (Tool: C:\Windows\User\AppData\Roaming\npm\npm-cache (or just npm-cache if you add the tool to environment path variables); Arguments:install npm; Working folder: $(Build.SourcesDirectory) (or where package.json located).

MS has finally implemented this feature (currently in beta) https://learn.microsoft.com/en-us/azure/devops/pipelines/caching/index?view=azure-devops#nodejsnpm
From there:
variables:
npm_config_cache: $(Pipeline.Workspace)/.npm
steps:
- task: CacheBeta#0
inputs:
key: $(Build.SourcesDirectory)/package-lock.json
path: $(npm_config_cache)
displayName: Cache npm
- script: npm ci

Unfortunately we cannot cache the NPM installations as no such a built-in feature for now.
However there's already a user voice submitted to suggest the feature : Improve hosted build agent performance with build caches, and seems the VSTS team are actively working on this now...
For now, you can try to speed Up NPM INSTALL on Visual Studio Team Services

Use Cache task
Caching is added to a pipeline using the Cache pipeline task. This
task works like any other task and is added to the steps section of a
job
With the following configuration:
pool:
name: Azure Pipelines
steps:
- task: Cache#2
inputs:
key: 'YOUR_WEB_DIR/package.json'
path: 'YOUR_WEB_DIR/node_modules/'
- task: Npm#1
inputs:
command: 'install'
workingDir: 'YOUR_WEB_DIR/frontend'
You can use key YOUR_WEB_DIR/package-lock.json too, but be aware that file might be changed by other next step like npm install so hash also will be changed.