Skip to content

[BUG] Inconsistent npm install with workspaces #9135

New issue
New issue
Open
Open
[BUG] Inconsistent npm install with workspaces#9135
Labels
Bugthing that needs fixingNeeds Triageneeds review for next steps
@Saibamen

Description

@Saibamen
Saibamen
opened on Mar 19, 2026

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

I need to do npm install twice to have the correct package-lock.json

Expected Behavior

package-lock.json is good on first npm install

Steps To Reproduce

  1. Download repro repo: https://github.com/Saibamen/npm-bug-repro-workspaces
  2. npm run clean:all (delete all node_modules folders + lock files)
  3. npm install
  4. npm audit --omit=dev
  5. See vulnerabilities from lodash package
  6. npm run clean (delete node_modules and lock file, but only in root folder)
  7. npm install
  8. npm audit --omit=dev
  9. ❎ No vulnerabilities and changed lock file

Environment

  • OS: Windows 11
; node bin location = C:\nvm4w\nodejs\node.exe
; node version = v24.14.0
; npm local prefix = C:\DEV\test_npm
; npm version = 11.12.0
; cwd = C:\DEV\test_npm
; HOME = C:\Users\AdamStachowicz

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bugthing that needs fixingNeeds Triageneeds review for next steps

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions