npm5 equivalent to yarn's --pure-lockfile flag? - npm

I'm looking for an equivalent for yarn's --pure-lockfile flag.
This flag is useful when installing dependencies in CI, when you want it to read your lockfile but not modify it.
Does npm v5 have an equivalent?

npm 5.7 introduced the npm ci subcommand:
the main differences between using npm install and npm ci are:
The project must have an existing package-lock.json or npm-shrinkwrap.json.
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
If a node_modules is already present, it will be automatically removed before npm ci begins its install.
It will never write to package.json or any of the package-locks: installs are essentially frozen.

this is how I did in my dockerfile
RUN npm install --pure-lockfile
it should work perfect.

Related

How to fix "unable to resolve dependency tree" [duplicate]

When trying to install the npm packages using npm i command, I am getting the following exception:
I have tried reinstalling the Node.js package and setting the proxy to off using:
set HTTP_PROXY=
set HTTPS_PROXY=
The issue is still there. What I am doing wrong?
Update:
When I run the following command:
npm install --legacy-peer-deps
The following error is displayed:
This is not related to an HTTP proxy.
You have dependency conflict (incorrect and potentially broken dependency) as it says, so try to run the command with --force, or --legacy-peer-deps. If it doesn't take effect, the temporary solution is using prior versions of the Node.js (downgrading the Node.js version) as it causes this kind of errors to happen sometimes.
Update based on the OP's update:
As you see, it fires the following error:
No matching version found for #angular/http#^9.1.4.
Take a look at angular/http page. Note that the latest version for that deprecated package is 7.2.16 while you request an upper version (e.g., ^9.1.4)! So, try to check the project dependencies and follow the raised errors in order to solve the problem.
Try this command-
npm install --save --legacy-peer-deps
First to understand the problem. Here is what I have as error:
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: project-admin#11.0.0
npm ERR! Found: #angular/common#11.0.3
npm ERR! node_modules/#angular/common
npm ERR! #angular/common#"11.0.3" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer #angular/common#"^9.1.0 || ^10.0.0" from #agm/core#3.0.0-beta.0
npm ERR! node_modules/#agm/core
npm ERR! #agm/core#"3.0.0-beta.0" from the root project
First you should start to read the problem from the bottom to the top. Here #agm/core#3.0.0-beta.0 requires angular common 9.1.0 or 10.0.0. And the top message says that the angular common found is actually 11.0.3.
(If you want to understand dependencies little bit better, here is very simple site: How npm3 Works)
dependencies — these are the essential dependencies that you rely on and call in your project’s code
devDependencies — these are your development dependencies, for example, a prettier library for formatting code
peerDependencies — if you set a peer dependency in your package.json, you are telling the person who installs your package that they need that dependency with the specified version
optionalDependencies — these dependencies are optional and failing to install them will not break the installation process
bundledDependencies — it’s an array of packages that will come bundled with your package. This is useful when some 3rd party library is not on NPM, or you want to include some of your projects as modules
So what should be the solution then? The problem is about peer dependencies. The solution is to downgrade angular common or the solution is to use legacy dependencies logic for installing packages using --legacy-peer-deps. So --legacy-peer-deps does not try to install the peerDependencies automatically. Is this going to work for you? Probably, yes. But you should add specific instructions how to do that, or to make the use of --legacy-peer-deps automatic for future installation of the project packages with this code from one of the previous answers:
npm config set legacy-peer-deps true
In my case I installed the package and I tried to run ng serve, but because --legacy-peer-deps was used, there were dependency packages which were not installed. I had to install those manually (because I did not set the configuration from the code above). At the end installing about five packages manually, all with --legacy-peer-deps, I ended to a package that could not be installed and I did not try to continue, because my project was throwing warnings like crazy and there were a lot of packages for audit too. So my decision was not to use this package and to find an alternative.
Other solutions that I read about along the way:
downgrade Node.js to v14. This will downgrade npm. It might not be v14, but this was the version that was most widely downgraded to.
Some people use Yarn to force package installation - personally I don't understand how this works, because I haven't used Yarn.
downgrading Angular and the global Angular CLI version to version that will satisfy the requirement. In my case it is angular/common, and in the question it's angular/core, but both require downgrading the whole angular right (I am not sure about this here).
the package you install might have a higher version that doesn't require downgrading Angular. You might try to use the https://updatepackagejson.com/ to upgrade your packages to the latest, but this is in case your project is quite new.
In addition to using the --legacy-peer-deps command line option, this can also be set more permanently as a config option:
npm config set legacy-peer-deps true
Finally, I found the answer. Try this command -
npm install --save --legacy-peer-deps
Described here legacy-peer-deps
When using npm 7, this comes up a lot because peer dependencies issues are treated as errors in version 7 whereas they were generally only warnings in version 6. Usually using --legacy-peer-deps makes it work with npm 7.
When that doesn't work, an option is to downgrade to npm 6. Downgrading Node.js is not necessary (but not harmful either). The relevant dependency management code is in npm. Downgrading Node.js will often work coincidentally because doing so will often downgrade npm as well.
Another option that is less disruptive than downgrading npm is using npx to use the previous version of npm for just the install command: npx -p npm#6 npm install
And when all else fails, it's often worth a shot to remove the node_modules directory and package-lock.json, and then run npm install again. That regenerates node_modules and package-lock.json.
This happens for some packages after updating to npm 7.
Parameter --legacy-peer-deps can help:
npm i --legacy-peer-deps
Described here legacy-peer-deps
Causes npm to completely ignore peerDependencies when building a
package tree, as in npm versions 3 through 6.
If a package cannot be installed because of overly strict
peerDependencies that collide, it provides a way to move forward
resolving the situation.
...
You can set this option to true by default (not recommended by npm):
npm config set legacy-peer-deps true
Or just wait until these packages get up to date.
Just do two simple steps:
First, execute this in your terminal.
npm config set legacy-peer-deps true
Second, clear the cache:
npm cache clean --force
And finally, execute your command. This will work for sure.
The problem is related to a dependency conflict or broken dependency. You can proceed by accepting the incorrection of dependency by forcing an install.
Solution: Using command with --force.
Your command will be like npm install --force #your-npm-package.
Note: You can use yarn to install a dependency if it's available in to install with the yarn package manager.
NPM can be used to install and manage versions of dependencies in your projects.
I had it the same issue on React versions in relation with the npm version:
npm error found types/react#16.14.20
So it might be package-versions that need to be installed based on your package.json file.
It gives errors in the npm 7 version and cannot install Node.js modules.
If you will downgrade npm version to 6, those problems will become warnings and the problem will be resolved.
Try to prove this command: npm install -g npm#6
Check if version is already installed: npm --version
Remove and install node_modules package:
a) Remove rm -rf node_modules
b) Install: npm i
Try removing the node modules and package-lock.json file and run command npm install
or
Try npm cache clean --force
First I tried
npm install
It gave me error unable to resolve dependency tree and based on the help information from this command,
Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
I tried this command:
npm install --legacy-peer-deps
And it solved my problem.
Try two options to resolve this issue:
Option 1: Delete folder node_modules folder and file package_lock.json after running:
npm cache clean --force after npm i --force
Option 2: run npm install --save --legacy-peer-deps
The fastest solution: npm install --legacy-peer-deps
Explanation:
In npm versions 3 through 6, peerDependencies were not automatically installed, and would raise a warning if an invalid version of the peer dependency was found in the tree. As of npm v7, peerDependencies are installed by default.
npm docs: peerDependencies
Your dependency contains some peerDependencies that conflict with the root project's dependency.
As it described in the npm ERR log.
Disclaimer: This assumes you're on npm v7
Note: If you follow the instructions of sibling commenters, it will create a user-scoped config that won't sync consistently across teammates / machines / buildbots.
Project-based legacy peer dependencies
You will probably want legacy-peer-deps tied to your project so it proliferates across machines / developers, and doesn't contaminate your other projects.
npm config set legacy-peer-deps true --location project
This will create a local file at .npmrc which you can commit to your repository:
legacy-peer-deps=true
Then afterwards, you can just run:
npm install
Then commit the updated lockfile.
Remember, location, location, location:
per-project configuration (/path/to/my/project/.npmrc, see more):
npm config set legacy-peer-deps true --location project
per-user configuration (defaults to $HOME/.npmrc, see more)
npm config set legacy-peer-deps true --location user
or, as the default location is user anyway:
npm config set legacy-peer-deps true
global configuration (defalts to $PREFIX/etc/npmrc, see more)
npm config set legacy-peer-deps true --location global
or, as --global infers --location global
npm config set legacy-peer-deps true --global
For some projects, fixing dependencies may be non-trivial
In my case, a critical dependency we have a legacy version of wants to pull in webpack v3 (!) - but that's a build dependency of that project's.
The best solution on a short term basis is to use legacy-peer-deps as a hold over.
If you are in a pinch, you could also consider forking the dependency and adjusting its peer dependencies accordingly - them point your project to the fork.
You can install the packages using two ways it is showing this error
ERESOLVE unable to resolve dependency tree
Install the package using npm install and having --legacy-peer-deps
npm install --save --legacy-peer-deps
This is a combination of two commands
a. Set legacy-peer-deps true in npm config
npm config set legacy-peer-deps true
b. Now install packages using npm install
npm install
The problem seems to be that gf-kautomata-pipeline-ui is using Angular 9, while #angular/http requires Angular 7. (#angular/http was deprecated and eventually removed, and all its functionality was moved into #angular/common instead.)
See: https://www.npmjs.com/package/#angular/http
If you're running Angular 9, then
delete #angular/http from your package.json (You don't need it in Angular 9)
Make sure you have #angular/common in your package.json.
Run npm i.
If you're running Angular 7, then open up your package.json and check to make sure all of your Angular packages are no higher than ^7.0.0. You may also need remove gf-kautomata-pipeline-ui, or contact the author of gf-kautomata-pipeline-ui and find out if the library is compatible with Angular 7.
This works for me:
npm install --save --legacy-peer-deps
In my case, I started getting the error (below) after upgrading npm from version 6 to 7.
npm ERR! code ERESOLVE npm ERR! ERESOLVE unable to resolve dependency
tree
...
npm ERR! Fix the upstream dependency conflict, or retry this command with --force, or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
In my case compiling with either --legacy-peer-deps or --force flags resulted in a useless bundle.
So I tried deleting the node_modules, package-lock.json, and bundle using yarn install. This generated a yarn.lock file and created package-lock.json that worked fine in subsequent npm runs.
P.S.: I am using the temporary workaround until npm 7 works fine with my project: after that, I will delete yarn.lock, package-lock.json and folder node_modules, and recompile with npm
rm -rf node_modules
rm package-lock.json
yarn install
# Generates a yarn.lock file and a new package-lock.json
# Continue with npm
npm start
I just update my Node.js and it works for me:
node -v
Output:
V xxxx
And:
sudo npm install -g n
(Use this command to install the stable node release.)
sudo n stable
If you have node_modules folder and package-lock.json file in your root directory then remove those:
rm -r node_modules
rm package-lock.json
Then run commands:
npm install --save --legacy-peer-deps
npm audit fix --force
Create .env file in the root directory and paste below code:
SKIP_PREFLIGHT_CHECK=true
Now, start your project:
npm start
I have faced this issue many times. At last I found a solution:
npm install react-native-paper --legacy-peer-deps
Use
npm install --legacy-peer-deps
This worked for me.
For this case, I was having the issue
ERESOLVE unable to resolve dependency tree
in an Angular 13 project that used some packages from a private npm feed in Azure DevOps.
To access this repository, I created an .npmrc file. Because of this, the npm install command would search all packages in my private repository and not in npm feed any more. The unable to resolve the dependency tree error happened because the npm install command could not find many of the packages that were hosted in the npm feed and not my private feed.
I found this amazing answer on how to scope packages.
Based on this, I made some changes:
In my library Package.json, update the name to have a scope name #mylib
"name": "#myLib/command-queue",
Build and publish this package to my private feed
In my client app (the one that uses this package), update the .npmrc file to use my private feed for packages in this scope only
#myLib:registry=https://pkgs.dev.azure.com/...
always-auth=true
Now, whenever I run the command npm install, if the package has the scope #myLib, it will look for it in my private feed, and use the npm feed for all other cases (i.e., #angular/...)
This is an example of my client app Package.json file:
"#angular/platform-browser-dynamic": "~13.3.0",
"#angular/router": "~13.3.0", <-- this comes from npm
"#myLib/jcg-command-queue": "^2.2.0", <-- This comes from my private feed
Also, with this change, there isn't any need to add --legacy-peer-deps to the npm install command any more.
We had the same issue resulting in the error bellow:
npm ERR! code ERESOLVE npm
ERR! ERESOLVE could not resolve npm
ERR!
npm ERR! While resolving: #angular/material-moment-adapter#12.1.4 npm
ERR! Found: #angular/material#12.0.6 npm ERR!
node_modules/#angular/material npm ERR! #angular/material#"~12.0.4"
from the root project
...
We use npm ci for clean install in Azure-Pipelines.
The issue was very often, that package.json and package-lock.json were not in sync anymore.
Solution to it was to execute npm install local and push the new package-lock.json.
As and additional hint we added a new task in the pipeline for additional informations if the the job fails.
- task: Npm#1
displayName: npm install
inputs:
command: custom
customCommand: ci
customRegistry: useNpmrc
# ##vso[task.logissue type=error] writes the text to the summary page (error-log).
- bash: echo "##vso[task.logissue type=error] If 'npm install' fails with 'ERESOLVE could not resolve', 'package.json' and 'package-lock.json' (needed for 'npm ci') may be out of sync. Run 'npm install' locally and push the new package-lock.json."
condition: failed() # Only execute on fail
displayName: npm install failed hint
Resetting package-lock.json works good for me all the time:
git checkout -- package-lock.json
Details:
Been experiencing this a lot when updating all packages of the legacy project - I highly don't recommend using npm audit fix nor npm i --force. Deleting the package-lock.json didn't work for me all the time as well. Rollback to the working version of package.json + package-lock.json and add packages turned out to be the safest and fastest variant for me.
Just in case, I did have similar behavior, when I tried either npm upgrade my current Angular 11.x based boilerplate from previous ng new or create new ng new abc based on Angular 12.x. I simply forgot to upgrade Angular CLI. So this npm install -g #angular/cli#latest solved my errors during ng new abc.
In my case I was having trouble with a #babel/core dependency, but I didn't want to use --force, because I was not sure about the consequences, so I went to https://www.npmjs.com/, looked for the package and replaced my old version with the newest one. That did the work.
This is an issue of Node.js version. Some latest versions of Node.js could show errors like these.
https://github.com/nvm-sh/nvm
I use NVM to manage Node.js versions on the system and use Node.js 12 to get past this error.
Command to change version:
nvm use 12
Downgrade Node.js to v14 works for me.
Use these commands:
source ~/.bash_profile
nvm use v14.16.1
npm install

What is the NPM equivalent of "yarn install --frozen-lockfile"?

I'm using npm as part of me building the production docker image.
I want to make sure the package-lock.json doesn't change and matches.
You can use npm ci.
npm ci bypasses a package’s package.json to install modules from a package’s lockfile. This ensures reproducible builds—you are getting exactly what you expect on every install.
https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable

How I can skip installing optional dependencies by 'npm ci'?

How I can skip installing optional dependencies from package-lock.json by npm ci?
You can use npm ci --no-optional .
If npm still installs the optional package. Then try after removing package.lock.json and run the command again.
There was an error in NPM's implementation of npm ci --no-optional. It has been fixed in versions > 6.13.3 - maybe earlier versions as well, but I can only vouch for 6.13.4 and up.
I was facing this issue with CI workflow script and even "--no-optional" was not working
npm ci --no-optional
The above command only worked when I added the optional package as
"optionalDependencies": {
"fsevents": "^2.3.2"
}
in the package.json file
It's not a proper solution, rather an ugly one, but it helped me out. It looks like npm ci --no-optional doesn't work and probably never worked. But at the same time flag --production works. And if we afford mutating package.json (e.g. in a docker container) then...
So I wrote a simple script that:
reads package.json content
Object.assign(cfg.dependencies, cfg.devDependencies)
delete cfg.devDependencies
overwrites the initial package.json
So finally we have:
dependencies contains both normal & dev dependencies
devDependencies section is empty
optionalDependencies are intact
And when we run npm ci --production we got what we want - no optional dependencies (in my case cypress). Due to the fact that all these steps are performed inside of a docker container we can mutate package.json.
But I'm not sure that it'll help you too.
In order to make npm ci --no-optional skip/ignore an optional pacakge, it's important to understand how npm intracts with package.json and pacakge-lock.json.
npm install --no-optional (is only effective if pacakge-lock.json doesn't exists otherwise it would ignore --no-optional)*
npm ci --no-optional is only effective if pakcage-lock.json was already created with npm install --no-optional**.
* This means if you want to make an already installed package an optional, you can would have to
Add it "optionalDependencies": either manulally or through npm install pacakge-name --save-optional
Delete the pacakge-lock.json.
then run rm -rf node_modules/
Lastly run npm install --no-optional
Add this point npm ci --no-optional isn't suppose to install it.
** TIP: you could debug if a certian package is assigned as optional by running npm ls package-name
Note: This one the reason why its recommended to keep trak pacakge-lock.json with git repo of the project.

What is the difference between "npm install" and "npm ci"?

I'm working with continuous integration and discovered the npm ci command.
I can't figure what the advantages are of using this command for my workflow.
Is it faster? Does it make the test harder, okay, and after?
From the official documentation for npm ci:
In short, the main differences between using npm install and npm ci are:
The project must have an existing package-lock.json or npm-shrinkwrap.json.
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
If a node_modules is already present, it will be automatically removed before npm ci begins its install.
It will never write to package.json or any of the package-locks: installs are essentially frozen.
Essentially,
npm install reads package.json to create a list of dependencies and uses package-lock.json to inform which versions of these dependencies to install. If a dependency is not in package-lock.json it will be added by npm install.
npm ci (also known as Clean Install) is meant to be used in automated environments — such as test platforms, continuous integration, and deployment — or, any situation where you want to make sure you're doing a clean install of your dependencies.
It installs dependencies directly from package-lock.json and uses package.json only to validate that there are no mismatched versions. If any dependencies are missing or have incompatible versions, it will throw an error.
Use npm install to add new dependencies, and to update dependencies on a project. Usually, you would use it during development after pulling changes that update the list of dependencies but it may be a good idea to use npm ci in this case.
Use npm ci if you need a deterministic, repeatable build. For example during continuous integration, automated jobs, etc. and when installing dependencies for the first time, instead of npm install.
npm install
Installs a package and all its dependencies.
Dependencies are driven by npm-shrinkwrap.json and package-lock.json (in that order).
without arguments: installs dependencies of a local module.
Can install global packages.
Will install any missing dependencies in node_modules.
It may write to package.json or package-lock.json.
When used with an argument (npm i packagename) it may write to package.json to add or update the dependency.
when used without arguments, (npm i) it may write to package-lock.json to lock down the version of some dependencies if they are not already in this file.
npm ci
Requires at least npm v5.7.1.
Requires package-lock.json or npm-shrinkwrap.json to be present.
Throws an error if dependencies from these two files don't match package.json.
Removes node_modules and install all dependencies at once.
It never writes to package.json or package-lock.json.
Algorithm
While npm ci generates the entire dependency tree from package-lock.json or npm-shrinkwrap.json, npm install updates the contents of node_modules using the following algorithm (source):
load the existing node_modules tree from disk
clone the tree
fetch the package.json and assorted metadata and add it to the clone
walk the clone and add any missing dependencies
dependencies will be added as close to the top as is possible
without breaking any other modules
compare the original tree with the cloned tree and make a list of
actions to take to convert one to the other
execute all of the actions, deepest first
kinds of actions are install, update, remove and move
npm ci will delete any existing node_modules folder and relies on the package-lock.json file to install the specific version of each package. It is significantly faster than npm install because it skips some features. Its clean state install is great for ci/cd pipelines and docker builds! You also use it to install everything all at once and not specific packages.
While everyone else has answered the technical differences none explain in what situations to use both.
You should use them in different situations.
npm install is great for development and in the CI when you want to cache the node_modules directory.
When to use this? You can do this if you are making a package for other people to use (you do NOT include node_modules in such a release). Regarding the caching, be careful, if you plan to support different versions of Node.js remember that node_modules might have to be reinstalled due to differences between the Node.js runtime requirements. If you wish to stick to one version, stick to the latest LTS.
npm ci should be used when you are to test and release a production application (a final product, not to be used by other packages) since it is important that you have the installation be as deterministic as possible, this install will take longer but will ultimately make your application more reliable (you do include node_modules in such a release). Stick with LTS version of Node.js.
npm i and npm ci both utilize the npm cache if it exists, this cache lives normally at ~/.npm.
Also, npm ci respects the package-lock.json file. Unlike npm install, which rewrites the file and always installs new versions.
Bonus: You could mix them depending on how complex you want to make it. On feature branches in git you could cache the node_modules to increase your teams productivity and on the merge request and master branches rely on npm ci for a deterministic outcome.
The documentation you linked had the summary:
In short, the main differences between using npm install and npm ci are:
The project must have an existing package-lock.json or npm-shrinkwrap.json.
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
If a node_modules is already present, it will be automatically removed before npm ci begins its install.
It will never write to package.json or any of the package-locks: installs are essentially frozen.
The commands are very similar in functionality however the difference is in the approach taken to install the dependencies specified in your package.json and package-lock.json files.
npm ci performs a clean install of all the dependencies of your app whereas npm install may skip some installations if they already exist on the system. A problem may arise if the version already installed on the system isn't the one your package.json intended to install i.e. the installed version is different from the 'required' version.
Other differences would be that npm ci never touches your package*.json files. It will stop installation and show an error if the dependency versions do not match in the package.json and package-lock.json files.
You can read a much better explanation from the official docs here.
Additionally, you may want to read about package locks here.
It is worth having in mind that light node docker images like alpine do not have Python installed which is a dependency of node-gyp which is used by npm ci.
I think it's a bit opinionated that in order to have npm ci working you need to install Python as dependency in your build.
More info here Docker and npm - gyp ERR! not ok
npm ci - install exactly what is listed in package-lock.json
npm install - without changing any versions in package.json, use package.json to create/update package-lock.json, then install exactly what is listed in package-lock.json
npm update - update package.json packages to latest versions, then use package.json to create/update package-lock.json, then install exactly what is listed in package-lock.json
Or said a different way, npm ci changes 0 package files, npm install changes 1 package file, and npm update changes 2 package files.
It does a clean install, use it in situations where you would delete node_modules and re-run npm i.
I have no idea why some people think it's short for "continuous integration". There is an npm install command that can be run as npm i and an npm clean-install command that can be run as npm ci.
npm install is the command used to install the dependencies listed in a project's package.json file, while npm ci is a command that installs dependencies from a package-lock.json or npm-shrinkwrap.json file. The npm ci command is typically used in continuous integration (CI) environments, where the package-lock.json or npm-shrinkwrap.json file is checked into version control and should not be modified. Because npm ci installs dependencies from a locked file, it is a faster and more reliable way to install dependencies than npm install, which could install different versions of dependencies based on the state of the package.json file.

How do I force npm to reinstall a single package, even if the version number is the same?

In my Node.js project, I have a dependency on another local project. Oftentimes, I need to make a small change to the dependency and see how it affects my main project. In order to do this, I have to reinstall my dependency using npm.
I can use npm update to try to update my dependency, but this seems like it will only work if the version number has changed on the dependency. I don't want to have to change the version number on my dependency every time I change a line of code or two to make an experimental change in development.
I can rm -rf node_modules/; npm install to ensure that I get the latest versions of all of my dependencies. Downloading all of my non-local dependencies takes several minutes, breaking up my train of thought.
Is there a way to force npm to reinstall a single dependency, even if that dependency's version number hasn't changed?
When you run npm install, it will install any missing dependencies, so you can combine it with an uninstall like this:
npm uninstall some_module; npm install
With npm 5, uninstalled modules are removed from the package.json, so you should use:
npm uninstall some_module; npm install some_module
On npm v 6.14:
npm install module_name --force --no-save
You get a message stating:
npm WARN using --force I sure hope you know what you are doing.
And then it proceeds to uninstall and reinstall the package.
Note: if you don't specify the --no-save option, npm updates the package version on package.json to the highest version that is compatible with the existing SemVer rule.
If you do not want npm to update the package's version on package.json, keep the --no-save option.
Not the best answer, but just for information, you can run
npm ci
It is the same as npm install, but it will remove the existing node_modules folder, if any, and do a fresh install for all packages. This is useful if the files in node_modules have been changed for some reason and you want to revert them to their original state.