[BUG] git+https protocol not respected when generating package-lock.json #4305
Description
Is there an existing issue for this?
- I have searched the existing issues
This issue exists in the latest npm version
- I am using the latest npm
Current Behavior
When generating package-lock.json, git+https dependencies are resolved to git+ssh.
Expected Behavior
When installing dependencies with the git+https protocol, the resolved versions in package-lock.json should also use the git+https protocol. More generally, the resolved versions should always use the given protocol.
Steps To Reproduce
- Use a fresh installation of NPM (default config)
- Create a project with this
package.json:
{
"name": "test-npm-git",
"private": true,
"version": "never",
"dependencies": {
"noop": "git+https://github.com/coolaj86/noop.js#77ad7f28974dcd87eb0b91be9db9caf544356ad0"
}
}- Run
npm installin the project - Observe the
package-lock.json. For me, it looks like this:
{
"name": "test-npm-git",
"version": "never",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "test-npm-git",
"version": "never",
"dependencies": {
"noop": "git+https://github.com/coolaj86/noop.js#77ad7f28974dcd87eb0b91be9db9caf544356ad0"
}
},
"node_modules/noop": {
"version": "1.0.1",
"resolved": "git+ssh://git@github.com/coolaj86/noop.js.git#77ad7f28974dcd87eb0b91be9db9caf544356ad0",
"integrity": "sha512-Ie26MApU6CpCVRyp1GHFSQsY+zKe3uUXqQnu6bW9dYO/Cb1cpp34nvfi69WHpMvxLeG3Bhu9YV9ItP8z5z1HCQ==",
"license": "MIT OR CC0-1.0"
}
},
"dependencies": {
"noop": {
"version": "git+ssh://git@github.com/coolaj86/noop.js.git#77ad7f28974dcd87eb0b91be9db9caf544356ad0",
"integrity": "sha512-Ie26MApU6CpCVRyp1GHFSQsY+zKe3uUXqQnu6bW9dYO/Cb1cpp34nvfi69WHpMvxLeG3Bhu9YV9ItP8z5z1HCQ==",
"from": "noop@git+https://github.com/coolaj86/noop.js#77ad7f28974dcd87eb0b91be9db9caf544356ad0"
}
}
}Environment
npm -v: 8.3.2