package-lock.json behaves weirdly in npm-check-updates versions >= 16.4.0

[jashan777]

• [✔️] I have searched for similar issues
• [✔️] I am using the latest version of npm-check-updates
• [✔️] I am using node >= 14.14

---

Steps to Reproduce

node version - v14.20.0
npm version - v6.14.17
os - windows 11 or macos ventura 13.4

1. add npm-check-updates dependency in package.json file, version >= v16.4.0
2. do npm i
3. stage the changes, package.json and package-lock.json
4. remove the node_modules folder
5. do npm i again.

package-lock.json will change.

The changes are reverted if node_module folder is deleted and npm i is done.

ScreenShots
Below are the changes in package-lock.json after second npm i

first npm i : package-lock.json
packageFirst.txt.txt

second npm i: package-lock.json
packageSecond.txt.txt

[jashan777]

seems to be a npm version issue as the issue doesn't appear in npm versions >=8.19.3 & node>= 16.19.0

[raineorshine]

Yeah, this is more an npm issue than npm-check-updates. We don't touch the package lock file, and we don't have control over how the modules are installed.

[jashan777]

Yeah, this is more an npm issue than npm-check-updates. We don't touch the package lock file, and we don't have control over how the modules are installed.

The changes are reverted if one remove the node_modules folder again and do npm i , but suprisingly npm-check-updates version <= 16.3.0 works just fine and doesnt cause this issue.

[raineorshine]

Yes, that does seem strange. I wonder what changed between 16.3.0 and 16.4.0 that changed npm's install behavior.