Skip to content

Latest commit

 

History

History
28 lines (14 loc) · 1.04 KB

README.md

File metadata and controls

28 lines (14 loc) · 1.04 KB

npm-overrides-bug

Repository to highlight bug for npm ci when used on versions above 8.5.5

Node Version: 16.14.2 or newer NPM Version: 8.6.0 or newer

This repo was set up with [email protected] and running npm install

Problem

If this repo is cloned and npm ci is run the following error is displayed:

Screenshot 2022-05-19 at 15 47 58

Listing the conflicts that npm detects from package-lock.json.

If npm i is used at this time or npm i --package-lock-only the following security vulnerabilities which were overriden in the package.json become restored:

Screenshot 2022-05-19 at 15 50 50

This behaviour is consistent on versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0 with these dependencies.

Workaround

If downgraded to [email protected] the npm ci command runs without error.