[BUG] Installing newer version from git doesn't update package lock nor node modules #3333
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
I have a module installed from git with a specific version (git tag), updating that module to a newer version updates only package.json and dependencies in package-lock.json but not the version URL in the package lock, resulting in having an incorrect version in node modules directory.
This is what my package.json looks like before updating:
{
"dependencies": {
"internal-package": "git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#v3.1.7"
}
}
This is what my package-lock.json looks like before updating:
{
"@swp/components": {
"version": "internal-package@git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#<hash_of_v3.1.7>",
"from": "internal-package@git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#v3.1.7"
}
}
After updating with npm install -S "git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#v4.0.0", they become:
{
"dependencies": {
"internal-package": "git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#v4.0.0"
}
}
and
{
"internal-package": {
"version": "internal-package@git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#<hash_of_v3.1.7>",
"from": "internal-package@git+https://<redacted>@bitbucket.org/<redacted>/internal-package.git#v4.0.0"
}
}
As you can see here, the hash of the commit tagged as v3.1.7 stayed in version field and that is the version that is in the end installed in node modules.
This setup was fully working on npm6 and only started failing on npm7.
Expected Behavior
Package lock is updated correctly and the right version is installed.
Steps To Reproduce
- Have internal packages installed from git
- Update them
- Observe issue
Environment
- OS: MacOS 11.4
- Node: 14.16
- npm: 7.7.5