NextJS not properly handling v3 package-lock.json in absence of .next directory

[jdharvey-ibm]

Verify canary release

• I verified that the issue exists in Next.js canary release

Provide environment information

Operating System:
  Platform: darwin
  Arch: x64
  Version: Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64
Binaries:
  Node: 16.15.0
  npm: 8.5.5
  Yarn: 1.22.17
  pnpm: N/A
Relevant packages:
  next: 12.1.7-canary.3
  react: 18.1.0
  react-dom: 18.1.0

What browser are you using? (if relevant)

n/a

How are you deploying your application? (if relevant)

next dev

Describe the Bug

When using a v3 package-lock.json file, NextJS outputs the following when running npm run dev:

...
% npm run dev

> my-app@0.1.0 dev
> next dev

ready - started server on 0.0.0.0:3000, url: http://localhost:3000
warn  - SWC minify release candidate enabled. https://nextjs.org/docs/messages/swc-minify-enabled
warn  - Found lockfile missing swc dependencies, patching..
wait  - compiling...
event - compiled client and server successfully in 1665 ms (126 modules)
warn  - Lockfile was successfully patched, please run "npm install" to ensure @next/swc dependencies are downloaded
...

The problem is that the lockfile already has the swc native dependencies in it. This can be confirmed because the swc minifier works as expected, and this process does not actually alter the lockfile in a meaningful way.

NextJS alters the lock file by removing the final new line from the bottom, but no other content in the file is changed. Then (as per the instructions) I run npm install, and the only thing that happens is that the new line is re-added and git no longer marks the file as modified.

If I then run npm run dev again, I do not get the warning messages:

> my-app@0.1.0 dev
> next dev

ready - started server on 0.0.0.0:3000, url: http://localhost:3000
warn  - SWC minify release candidate enabled. https://nextjs.org/docs/messages/swc-minify-enabled
wait  - compiling...
event - compiled client and server successfully in 360 ms (126 modules)

At this point, if I delete the .next directory and run dev again, the whole process starts all over. Same if I run a dev vs production build, so my conclusion is that the message is somehow related to the build output / build cache.

Expected Behavior

I expect that NextJS does not modify my lockfile at all and instead just provides me with instructions of how to remedy the situation myself.

The warning given is a false alarm anyway because the lock file is not altered in any way except for the newline missing at the end; the swc dependencies are already there, so I also expect that NextJS does not report this as a warning in the first place.

To Reproduce

1. Create a new nextjs app via npx create-next-app@latest --use-npm
2. Create a .npmrc file containing:

   lockfile-version=3
   

3. Run npm install to convert the lockfile from v2 to v3
4. Add swcMinify: true to next.config.js
5. Run npm run dev
6. Observe that the message is output and the lockfile is changed to add the swc binaries
7. Run npm install as per the instructions in the command output
8. Run npm run dev
9. Observe that the message is now gone
10. Delete the .next directory
11. Run npm run dev
12. Observe that you get the message saying the lockfile doesn't contain the swc stuff again
13. Observe that the lockfile is modified, but only by removing the newline at the end
14. Run npm install and the lock file is back to what it was before
15. Repeat steps 8-14 indefinitely.

[balazsorban44]

This has been recently fixed in #36813 and will soon be out on canary.

[balazsorban44]

It is out now, please check 12.1.7-canary.4. There is still an incorrect warning logged, please follow #36816 (comment) for that.

[github-actions]

This closed issue has been automatically locked because it had no new activity for a month. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.