[BUG] `npm update --dev` triggers `npm WARN old lockfile` each time

[ehoogeveen-medweb]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Looks like this bug is back (though maybe the cause is different). Every time I run npm update --dev it says that my package-lock.json file was created with an old version of npm and it's doing a one-time fix-up.

npm 8.0.0 did not have this problem.

Expected Behavior

Either no fix-up (it happens even in an empty repo), or only one time.

Steps To Reproduce

1. From an empty directory
2. Run npm init -y
3. Run npm update --dev (this creates a package-lock.json)
4. Run npm update --dev again (this triggers the warning)
5. Note the npm WARN old lockfile

Environment

• OS: Windows 10 20H2 x64
• Node: 14.18.1
• npm: 8.1.0

[ehoogeveen-medweb]

Sorry about the edits, I guess npm upgrade is an alias for npm update but I meant the latter, and I guess this warning only happens after package-lock.json has been created.

[lll000111]

Same here, no "--dev" used:

I commented under this closed slightly different issue (it was the most applicable one I had found until I saw this one here just now): #3721 (comment) (with lots of info and log section)

Searched a lot of issues here and on StackOverflow with "WARN old lockfile" in them. None look relevant, most are "npm install" (where I have no warning) and conditions that I don't have. I checked several closed issues and what they weer redirected to and none seemed relevant either. I think I really have to (re)post under this OPEN issue, none of the closed once apply.

[ehoogeveen-medweb]

FWIW I also get this in our project even without --dev. But using --dev triggers the warning even on a freshly initialized project. I'm surprised a mature and widely used project like npm doesn't have tests for such a simple case to be honest (the warning doesn't break anything, but still).