When working with a web developement projet, we may install packages and dependencies using npm install. However, there is another line of command npm ci that we may not be familiar with during local develepement. Personally, I found this command line in Gitlab CI/CD issue report which indicated that the dependencies in package-lock.json file is not synced with package.json. It is interesting to learn new things with an error. We will discuss the difference as below.
What npm install Actually Does
npm install always begins by reading your package.json to determine what dependencies your project needs. If a package-lock.json is present, it treats it as a suggestion—but it updates the file as well after installing all dependencies.
I came into a situation where I should switch .npmrc configuration according to different projets. As I installed (npm install) dependencies with other npmrc setting, my package-lock.json was replaced and was not synced with package.json file. So the issue happened in Gitlab CI/CD (Angular peer dependency mismatch issue).
npm error npm ci can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with npm install before continuing. npm error npm error Missing: chokidar@3.6.0 from lock file npm error npm error Clean install a projectWhat npm ci Actually Does
This issue happens especially in CI/CD environnement where npm ci is strict about exact dependency versions. As the error indicates, my package.json and package-lock.json are not in sync. What npm ci does is that it uses package-lock.json as the single source of truth. It removes node_modules and reinstalls packages from scratch to guarantee a clean environnement. With npm ci, the installation is faster because it skips the dependency resolution and does not check node_modules cache.
To fix the issue, I should just remove node_modules and package-lock.json file in my local environnement, switching to the right npmrc setting and reinstall with npm install. But somehow it failed always…
What npm ls helps
This annoyed me a lot. But this problem let me discovered another command line – npm ls. With npm ls chokidar, it output this error:
+-- @angular-devkit/build-angular@20.3.10 | +-- @angular-devkit/core@20.3.10 | | -- chokidar@4.0.3 deduped | +-- sass@1.90.0 | | -- chokidar@4.0.3 deduped | -- webpack-dev-server@5.2.2 | -- chokidar@3.6.0 +-- @angular/compiler-cli@20.3.11 | -- chokidar@4.0.3 +-- @schematics/angular@13.3.11 | -- @angular-devkit/core@13.3.11 | -- chokidar@4.0.3 deduped invalid: "^3.5.2" from node_modules/@schematics/angular/node_modules/@angular-devkit/core -- karma@6.4.4 -- chokidar@3.6.0
npm error code ELSPROBLEMS
npm error invalid: chokidar@4.0.3So it is clear that the chokidar version is not compatible. I fixed the chokidar version manuelly in my package.json file, removing node_modules and package-lock.json, and reinstalled all packages. Now when I checked with npm ls, no more conflits in dependencies installed.
