npm WARN old lockfile The package-lock.json file was created with an old version of npm

I've a dockerfile as below, but during RUN npm ci step, there is a warning,

npm WARN old lockfile The package-lock.json file was created with an old version of npm

which I can not able to figure out..

I tried with npm install rather npm ci and added the --package-lock flag, but I am still getting this warning. It’s a kind of warning. Do I have to ignore it or what should I do to solve this?

Step 12/26 : RUN npm ci --production --package-lock &&     npm ci --production --package-lock --prefix ./ui-runner
 ---> Running in 3473c209b98c
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile

Here is my Dockerfile.

FROM node:14.17.1-alpine3.13 AS builder
WORKDIR /usr/src/app
COPY package.json package-lock.json* ./
COPY ui-runner/package*.json ./ui-runner/
COPY .npmrc .npmrc
COPY ui-runner/.npmrc ./ui-runner/.npmrc
RUN npm -g install [email protected]
RUN npm ci --production --package-lock && \
    npm ci --production --package-lock --prefix ./ui-runner
RUN rm -f .npmrc && \
    rm -f ui-runner/.npmrc

FROM node:14.17.1-alpine3.13
WORKDIR /usr/src/app
RUN apk update && apk add --no-cache curl bash
RUN addgroup -g 1001 test && \
    adduser -S -u 1001 -G test test
RUN chown -R test /usr/src/app && \
    chmod 755 /usr/src/app
COPY --from=builder /usr/src/app /usr/src/app
COPY . .
RUN npm run build:docker
USER test
EXPOSE 3000 9183
CMD [ "npm", "run", "start:ui-runner" ]

Solution 1:

There are several ways to deal with this:

1. Ignore it. It's just a warning and does not affect the installation of modules.

2. Run npm ci to make sure your node_modules reflects the lock file, then remove package-lock.json, and then run npm install (with the newer version of npm) to regenerate a package-lock.json. Because everything in node_modules will meet all the requirements, the only change from npm install will be a newly-generated package-lock.json file. Commit the updated version of package-lock.json to the repo/Docker image or whatever.

3. Downgrade npm to an older version in production. Consider running npm version 6 as that is what ships with the current (as of this writing) Long Term Support (LTS) version of Node.js. In the case being asked about in this question, I imagine you can just leave out the RUN npm -g install [email protected] from the Dockerfile and instead use the version of npm that is installed with the Docker image (which in this case will almost certainly be npm@6 since that is what ships with Node.js 14.x).

4. If you already have a version of npm installed but want to run one command with an older version of npm but otherwise keep the newer version, you can use npx (which ships with npm) to do that. For example, npx npm@6 ci would run npm ci with npm version 6 even if you have version 7 installed.

Solution 2:

I had a similar problem but upgrading npm npm i -g npm on my machine before building the image solved it for me. You may still get the warn message but the image build process won't be halted.

Solution 3:

I am having the same problem as well after upgrading my npm version. It seems like a bug from npm 7.19.1, and I'd suggest to downgrade to an older version.

You can check below for all the npm versions

https://www.npmjs.com/package/npm?activeTab=versions

Install the desired version with this command in the console, and substitute "V" with your desired version:

npm install -g npm@"V"

Solution 4:

An easy solution to this is to use NVM to manage your node versions. Especially on Linux this saves a lot of trouble with file permissions, developing in different environments, etc. NPM recommends this in their documentation here.

This error for me was solved by switching Node.js versions with nvm,

nvm install 14
nvm use 14

It is always an easy thing to try and switch to a slightly older or newer Node.js version if you are running into weird Node.js or npm issues.

Solution 5:

TL;DR

As Trott suggested it is totally fine to ignore the warning. To fix the warning/problem keep reading.

The problem/warning is with the line:

RUN npm -g install [email protected]

Removing this line should fix the problem/warning.

Explanation

The package-lock generated which is part of your source repository ideally is generated with npm version < npm@7 which ships with Node.js <= [email protected]. My guess comes from your first line of Dockerfile.

FROM node:14.17.1-alpine3.13 AS builder

For example Node.js LTS v14.17.1 ships with [email protected]. See the full release list here.

npm@5, npm@6 generate package-lock@v1, which is now a legacy release as per this link. And npm@7 which is the latest release generates package-lock@v2. When you do: npm -g install [email protected]. It overrides your existing package-lock@v1 with package-lock@v2 giving out the warning in the process.`

npm WARN old lockfile The package-lock.json file was created with an old version of npm`

The updated Dockerfile should look like this:

FROM node:14.17.1-alpine3.13 AS builder
WORKDIR /usr/src/app
COPY package.json package-lock.json* ./
COPY ui-runner/package*.json ./ui-runner/
COPY .npmrc .npmrc
COPY ui-runner/.npmrc ./ui-runner/.npmrc
RUN npm ci --production --package-lock && \
    npm ci --production --package-lock --prefix ./ui-runner
RUN rm -f .npmrc && \
    rm -f ui-runner/.npmrc

FROM node:14.17.1-alpine3.13
WORKDIR /usr/src/app
RUN apk update && apk add --no-cache curl bash
RUN addgroup -g 1001 test && \
    adduser -S -u 1001 -G test test
RUN chown -R test /usr/src/app && \
    chmod 755 /usr/src/app
COPY --from=builder /usr/src/app /usr/src/app
COPY . .
RUN npm run build:docker
USER test
EXPOSE 3000 9183
CMD [ "npm", "run", "start:ui-runner" ]