lockfileVersion issues

Issue

npm introduced new package-lock.json versions with the lockfileVersion. When user has different version of npm, which package was created can ends up with git diffs and unnecessary issues.

From npmjs.com about lockfileVersion:
"No version provided: an "ancient" shrinkwrap file from a version of npm prior to npm v5.

  • lockfileVersion:1 The lockfile version used by npm v5 and v6.
  • lockfileVersion:2 The lockfile version used by npm v7, which is backwards compatible to v1 lockfiles.
  • lockfileVersion:3 The lockfile version used by npm v7, without backwards compatibility affordances. This is used for the hidden lockfile at _nodemodules/.package-lock.json, and will likely be used in a future version of npm, once support for npm v6 is no longer relevant."
- "lockfileVersion": 1
+ "lockfileVersion": 2
+ "required": true

Solution

To avoid modifying package-lock.json lockfileVersion field, use npm install --no-save

# Will NOT overwrite org package-lock.json file
npm install --no-save

more about lockfileVersion: lockfileVersion on npmjs.com