npm install creates strange differences in package-lock.json between different machines

Question

I've tried googling this but couldn't find anything so trying here - we've recently upgraded to node 16.13.0 and npm 8.1.0, and after doing npm install we get the following diffs in package-lock.json:

-      "devOptional": true
+      "dev": true

and

-      "integrity": "sha512-15Ft8p1vVEvBQDjZV6XSQULHIbRTetygyGyaF953pq/ukW0AnnHD3Kra7NasJxryWfbBrD18i11uors0CvnOwg==",
-      "requires": {}
+      "integrity": "sha512-15Ft8p1vVEvBQDjZV6XSQULHIbRTetygyGyaF953pq/ukW0AnnHD3Kra7NasJxryWfbBrD18i11uors0CvnOwg=="

This happens for a small percentage of packages, but that small percentage is 60ish packages and I don't understand why these differences happen (especially since we're using the same node/npm)

Answer 1

I know I'm quite late to the party, but I'm posting this as it might help somebody...

There are many valid reasons to use the flag "--legacy-peer-deps" when updating node-packages. This is how I ran into the problem described above.

Here's how I solved it:

• Commit and push the changes (including all the unwanted ones described above) to the branch of the feature I was working on.
• Delete my local folder node_modules.
• Checkout the main branch.
• npm i
• Checkout the feature's branch again.
• npm i

By now, all unwanted changes made/ lines added will have been removed automatically.

• Commit and push these changes.

At this point, package-lock.json showed that only lines that were directly associated with the updated package had been changed on the feature's branch.

Answer 2

For those who are having the same issue, check that npm config legacy-peer-deps is set to false

npm config ls -l | grep legacy-peer-deps to check its value

npm config set legacy-peer-deps false to set it to false