Comments (4)
npm i
seem to put actual URL into the "version" field in the lockfile, whilst synp
uses version
directly from npmtree
. Not sure what'd be the best way to solve it.
UPD: the same applies to requires
part, npm i
would use a tarball url as a version, not the actual version which is fetched.
from synp.
https://npm.community/t/npm-audit-returns-400-from-registry-when-non-registry-packages-satisfy-specs-that-exist-in-the-registry/462 — can be somewhat related 🤷♂️
from synp.
Hey @DeTeam - thanks very much for the detailed report and reproduction!
I'm sorry it took me a short while to get to it.
Looks like you're right - I'm actually not sure if this was a change in npm or if this was wrong all along. It's something that is fixed by npm install
without changing the version, but is definitely not a good experience.
I think the solution is to change this function in order to accommodate the situation (reach the same result as when npm creates the file): https://github.com/imsnif/synp/blob/master/lib/entry.js#L9-L19
Do you feel like making a PR for this?
from synp.
On it with #28
from synp.
Related Issues (20)
- Every module in package-lock.json generated by synp has empty "requires" field which result in running failure because of module loss
- Workspace mode - yarn.lock conversion fails with invalid package.json in tests HOT 1
- Not working with Yarn 3.x
- Does not include optionalDependencies when translating yarn.lock to package-lock.json
- package-lock.json does not contain deps meta of resolved entries HOT 1
- dev dependencies are losing "dev" flag HOT 2
- Do not require `bash` for monorepos traversing
- Package-lock.json missing some deps compared to npm's version HOT 1
- Warning displayed by 'checkWorkspace' has typo: `--with-workspaces` should be `--with-workspace` HOT 2
- Fix npm v7 / package-lock v2 converter HOT 2
- pin colors.js version to 1.4.0 HOT 1
- The automated release is failing 🚨 HOT 7
- ChainAlert: npm package release (1.9.9) has no matching tag in this repo HOT 1
- Terminal Broken after initial conversion. HOT 5
- [Feature request] add `resolutions` support HOT 1
- Why do I need a node_modules folder? HOT 1
- Unknown token HOT 2
- create package-lock.json successfully ,but package-lock.json is overwritten after "npm install"
- sourceFile.split is not a function HOT 1
- package-lock v3 not working with npmToYarn
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from synp.