Exclude --package-lock-only from npm install

[jeeten-parmar]

Current Behavior

By running the command, npx lerna version --conventional-commits --no-changelog --no-push --yes, later on It is using npm install (npm install --package-lock-only --ignore-scripts) command internally. Due to certain changes in package lock file, It is failing repeatedly.
I want to exclude it.

• Exact error: lerna ERR! Error: Command failed with exit code 1: npm install --package-lock-only --ignore-scripts

Expected Behavior

I found may be similar issue here: #3386

Failure Logs / Configuration

lerna.json

{
  "packages": [
    "**"
  ],
  "version": "independent",
  "npmClientArgs": [
    "--legacy-peer-deps"
  ]
}

[simllll]

Experience the same during lerna publish

Somehow only happening since today, didn't update lerna though 🤔

npm install --package-lock-only --ignore-scriptslerna ERR! lerna npm ERR! code ETARGETlerna ERR! lerna npm ERR! notarget No matching version found for @hokify/jobmodule-xmlalex@^2.17.1.lerna ERR! lerna npm ERR! notarget In most cases you or one of your dependencies are requestinglerna ERR! lerna npm ERR! notarget a package version that doesn't exist.lerna ERR! lerna lerna ERR! lerna npm ERR! A complete log of this run can be found in:lerna ERR! lerna npm ERR! /root/.npm/_logs/2022-11-10T05_11_45_957Z-debug-0.logAction failed: see logs above for detailsFAILEDContainer exited with status code other than 0

[jeeten-parmar]

@simllll We got that error after upgrading Angular from v11 to v14 and related dependencies.

[simllll]

Could it be related to npm@9? This was set to latest npm yesterday

Ref #3403
https://github.blog/changelog/2022-10-24-npm-v9-0-0-released/

Wednesday Nov. 9th (General Availability)
To ensure npm@9.x is considered "non-breaking" for Node.js LTS we will codify a set of exit criteria in collaboration with the Release WG
npm@9.x will be set to the latest dist-tag (becoming the latest, maintained version of npm)
A PR will be opened to land npm@9.x in nodejs/node's main branch (exposing experimental/nightly users to this latest version)

[simllll]

It is definitely related to npm v9, works with version 8.

[paulrobertlloyd]

Just experienced the same error. Downgrading to npm v8 fixed it.

[TombolaShepless]

I'm using npm v8.19.2 and this has just started happening today, is there any workaround?

[ghiscoding]

The fix is to downgrade your npm as pointed out in the comment before yours, or the better solution is to wait for either PR #3434 or #3427 to merged and released, then use the option --legacy-peer-deps in npmClientArgs. As a last alternative, you can switch to Lerna-Lite which already has the fix in the latest release. Or wait another last, last alternative, would be to switch to another package manager (yarn or pnpm)

[TombolaShepless]

Thanks for getting back to me @ghiscoding but the recommended fix was to downgrade to npm v8, which I'm already on. This has been working fine for weeks and has randomly started happening today. No npm version bumps our end

[simllll]

@ghiscoding I'm not sure if this is really a fix or more just a workaround.
I think it could be related to #3455 .. as it sounds like the package is just not picked up correclty (No matching version found for ...)

[ghiscoding]

@TombolaShepless
as every Node and npm, they start backporting new versions (npm 9.x) into their older version (npm 8.x), so you might need to downgrade to an older version of npm (prior to v8.19.2).

@simllll
adding peer legacy might be just a workaround but technically speaking Lerna shouldn't touch at all any of the package manager lock files, it should let the package manager do it. I think Lerna does that now and runs npm install --package-lock-only but I could be wrong (that's the code I've put in Lerna-Lite long before Lerna did). Did anyone try running the command directly? Technically speaking it shouldn't fail unless the lock file has to be recreated (if so maybe delete the lock file and rerun the npm install command to get new lock file). I switched to pnpm myself, so I can't really test this anymore

[TombolaShepless]

Thanks @ghiscoding I'll give that a try, but what I don't understand is why this has been working for weeks using that exact npm version (8.19.2)?

[ghiscoding]

try running npm install --package-lock-only in the shell without Lerna. If that fails, then like I said, try to delete the lock file (you might also need to delete node_modules) and rerun npm install to recreate the lock file, that might work and might use a newer structure... if that still doesn't work, then try with npm install --package-lock-only --legacy-peer-deps

and for the reason why it worked before but fails today is because prior to today you probably didn't have any dependencies version that changed but you do today so it fails

[TombolaShepless]

@ghiscoding Can confirm that deleting the lock file and running npm i seems to have resolved the issue - packages are now publishing fine again. No idea how it got itself into a non-working-state. Thanks very much for your help.

[elassol]

Hello everyone,

I´m having the same issue while running publish inside the ci.

running the version of node and npm locally and in the ci:

node version = v18.16.1
npm version = 9.5.1

lerna info auto-confirmed s
lerna info execute Skipping releasess
lerna ERR! Error: Command failed with exit code 1: npm install --package-lock-only --ignore-scripts

I also get a bunch of warnings about peer dependencies relate to typescript, warnings in npm became errors in lerna:

lerna ERR! npm WARN ERESOLVE overriding peer dependency
lerna ERR! npm WARN While resolving: @phenomnomnominal/tsquery@4.2.0
lerna ERR! npm WARN Found: typescript@5.1.6
lerna ERR! npm WARN node_modules/typescript
lerna ERR! npm WARN dev typescript@"5.1.6" from the root project
lerna ERR! npm WARN 21 more (@angular-devkit/build-angular, ...)
lerna ERR! npm WARN

Also at the very end I get a auth error:

lerna ERR! npm ERR! code E401
lerna ERR! npm ERR! Unable to authenticate, your authentication token seems to be invalid.
lerna ERR! npm ERR! To correct this please trying logging in again with:
lerna ERR! npm ERR! npm login

Any ideas of how to solve it?
I try to remove lock file and npm install --legacy-peer-deps

Thanks in advance

[fahslaj]

@elassol Do you have dependencies that are downloaded from a 3rd party registry? It looks like authentication to a registry is failing.

[elassol]

@elassol Do you have dependencies that are downloaded from a 3rd party registry? It looks like authentication to a registry is failing.

Yes we have both private and public

We are using azure devops pipelines

I added the registry to lerna.json to try to force it to se the private one

And in the pipeline we have persistCredentials: true to keep credentials

• stage: lerna_publish
  pool:
  vmImage: ubuntu-latest
  dependsOn: []
  jobs:
  - job: publish_libraries
  steps:
  - checkout: self
  persistCredentials: true
  - template: templates/npm-install.yml
  - script: echo "condition met"
  displayName: 'Preparing code coverage file for publishing'
  - bash: |
  git config --global user.name "user"
  git config --global user.email "mail"
  git checkout master
  git pull
  cat .npmrc
  git add .npmrc
  git commit -m "bump version"
  - bash: git status
  - script: npm run publish:libs
  displayName: 'publish libs'
  - script: git push --tags origin HEAD:master
  displayName: 'push changes'