Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
Changing the tag or branch of a git dependency in package.json and running npm i does not update the lockfile nor node_modules.
When the dependency is declared using the semver:xxx or commit sha spec, the update does work correctly. As another workaround, removing the resolved and version lines from the package-lock forces npm to re-resolve the dependency.
Similar to issue reported in #5170 (comment) (the issue itself is about caching though).
#3427 concerned updating by running npm i <spec> which was fixed. This is about editing package.json and running plain npm i to update.
Expected Behavior
The new tag or branch should be resolved correctly, updating package-lock and node_modules accordingly.
Steps To Reproduce
1. package.json:

       {
         "name": "repro",
         "version": "1.0.0",
         "dependencies": {
           "uWebSockets.js": "uNetworking/uWebSockets.js#v20.51.0"
         }
       }

2. npm i installs v20.51.0 correctly
3. change package.json to

       {
         "name": "repro",
         "version": "1.0.0",
         "dependencies": {
           "uWebSockets.js": "uNetworking/uWebSockets.js#v20.67.0"
         }
       }

4. npm i prints "up to date"
5. cat node_modules/uWebSockets.js/package.json | grep '"version"' && echo '---lockfile---' && grep -A2 'node_modules/uWebSockets' package-lock.json shows the old versions in the node_modules and lockfile.

       "version": "20.51.0",
       ---lockfile---
       "node_modules/uWebSockets.js": {
       "version": "20.51.0",
       "resolved": "git+ssh://git@github.com/uNetworking/uWebSockets.js.git#6609a88ffa9a16ac5158046761356ce03250a0df",

Expected would be "changed 1 package" in 4. and

    "version": "20.67.0",
    ---lockfile---
    "node_modules/uWebSockets.js": {
    "version": "20.67.0",
    "resolved": "git+ssh://git@github.com/uNetworking/uWebSockets.js.git#e0f56ebb4b349017f006e14d1cd29052f2a7121d",

in 5.
Environment
- npm: 11.16.0 as well as a105799 (current latest)
- Node.js: v26.2.0
- OS Name: Linux
- System Model Name: n/a
- npm config:
package-lock = true
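An added example, not part of the original report or of npm's code: a CI-style check that flags git dependencies whose locked commit no longer matches the tag declared in package.json, plus the report's workaround of dropping `resolved` and `version` from the stale entry. The helper names `findStaleGitDeps` and `dropStalePins` and the `remoteRefs` map (standing in for `git ls-remote --tags` output) are assumptions; the sample objects are constructed from the values quoted in the report.

```javascript
// Constructed inputs mirroring the report: package.json already names the new
// tag, while the lockfile entry still pins the old tag's commit.
const pkg = {
  dependencies: { "uWebSockets.js": "uNetworking/uWebSockets.js#v20.67.0" },
};
const lock = {
  packages: {
    "node_modules/uWebSockets.js": {
      version: "20.51.0",
      resolved: "git+ssh://git@github.com/uNetworking/uWebSockets.js.git#6609a88ffa9a16ac5158046761356ce03250a0df",
    },
  },
};
// Assumption: tag -> commit map standing in for `git ls-remote --tags` output
// (both SHAs are the ones quoted in the report).
const remoteRefs = new Map([
  ["v20.51.0", "6609a88ffa9a16ac5158046761356ce03250a0df"],
  ["v20.67.0", "e0f56ebb4b349017f006e14d1cd29052f2a7121d"],
]);

// Hypothetical helper: list git dependencies whose locked commit no longer
// matches the ref declared in package.json.
function findStaleGitDeps(pkg, lock, refs) {
  const stale = [];
  for (const [name, spec] of Object.entries(pkg.dependencies || {})) {
    const ref = spec.includes("#") ? spec.slice(spec.indexOf("#") + 1) : "";
    const entry = (lock.packages || {})[`node_modules/${name}`];
    const resolved = (entry && entry.resolved) || "";
    // Only tag, branch or sha refs on git-resolved lock entries are checked.
    if (!ref || ref.startsWith("semver:") || !resolved.startsWith("git+")) continue;
    const locked = resolved.slice(resolved.indexOf("#") + 1);
    const expected = refs.get(ref) ?? ref; // unknown refs are compared as a commit sha
    if (!locked.startsWith(expected)) stale.push({ name, ref, locked, expected });
  }
  return stale;
}

// Hypothetical helper applying the report's workaround: drop `resolved` and
// `version` from stale entries so the next `npm i` re-resolves them.
function dropStalePins(lock, stale) {
  const copy = JSON.parse(JSON.stringify(lock));
  for (const { name } of stale) {
    delete copy.packages[`node_modules/${name}`].resolved;
    delete copy.packages[`node_modules/${name}`].version;
  }
  return copy;
}
console.log(findStaleGitDeps(pkg, lock, remoteRefs));
```

Failing the build when `findStaleGitDeps` returns a non-empty list catches the case where the lockfile silently keeps installing an older commit than the one reviewed in package.json.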