Why does `package-lock.json` causes a failure in a docker container build when `npm install`?

by

From your question:

Note: npm install works fine on my local machine, just fails in docker container

If you are using npm install, you are not sure to have the same version of dependencies.

For having a reproducible environment, without unexpected issues because of different version of dependencies, you’d rather use npm ci (clean-install):

This command is similar to npm-install, except it’s meant to be used
in automated environments such as test platforms, continuous
integration, and deployment – or any situation where you want to make
sure you’re doing a clean install of your dependencies. It can be
significantly faster than a regular npm install by skipping certain
user-oriented features. It is also more strict than a regular install,
which can help catch errors or inconsistencies caused by the
incrementally-installed local environments of most npm users.

In short, the main differences between using npm install and npm ci
are:

  • The project must have an existing package-lock.json or
    npm-shrinkwrap.json.
  • If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
  • npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
  • If a node_modules is already present, it will be automatically removed before npm ci begins its install.
  • It will never write to package.json or any of the package-locks: installs are essentially frozen.

A Fabian Gander’s article gives further clarification about the npm install and npm ci tools and provides advice on when to use each one. The below table is from that source:

  cases                                | npm install | npm ci
 --------------------------------------|-------------|-------------
  needs package.json                   | no          | yes
  needs package-lock.json              | no          | yes
  installs from package.json           | yes         | no
  installs from package-lock.json      | no          | yes
  compares both                        | no          | yes
  updates loose package versions       | yes         | no
  updates loose dependencies           | yes         | no
  writes to package.json               | yes         | no
  writes to package-lock.json          | yes         | no
  deletes node_modules before install  | no          | yes
  used for installing separate package | yes         | no
  should be used on build systems / CI | no          | yes
  can be used for development          | yes         | yes
  reproducible installs                | no          | yes

This is why package-lock.json is there, to be available for tools like npm ci.

After having a reproducible environment, if this doesn’t fix your issue, you need to keep investigating, but IMO it should be the first step.

More Related Contents:

  1. Why does “npm install” rewrite package-lock.json?
  2. How to set npm credentials using `npm login` without reading from stdin?
  3. How do I fix a vulnerable npm package in my package-lock.json that isn’t listed in the package.json?
  4. Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?
  5. How to fix npm throwing error without sudo
  6. Is there a way to make npm install (the command) to work behind proxy?
  7. NodeJS require a global module/package
  8. npm install private github repositories by dependency in package.json
  9. Cannot install packages using node package manager in Ubuntu
  10. npm ERR cb() never called
  11. Node – was compiled against a different Node.js version using NODE_MODULE_VERSION 51
  12. How to edit a node module installed via npm?
  13. How to install a node.js module without using npm?
  14. npm can’t find package.json
  15. Change default global installation directory for node.js modules in Windows?
  16. Docker – SequelizeConnectionRefusedError: connect ECONNREFUSED 127.0.0.1:3306
  17. Global npm install location on windows?
  18. 2013 Meteor NPM Packages
  19. npm install – javascript heap out of memory
  20. Can’t uninstall global npm packages after installing nvm
  21. Fail to install npm package “npm ERR! errno -4048”
  22. Babel unexpected token import when running mocha tests
  23. How to resolve Node.js: “Error: ENOENT: no such file or directory”
  24. Node Sass does not yet support your current environment: Windows 64-bit with Unsupported runtime (88)
  25. Can’t install any packages in Node.js using “npm install”
  26. Difference between `npm start` & `node app.js`, when starting app?
  27. NPM cannot install dependencies – Attempt to unlock something which hasn’t been locked
  28. nodejs “npm ERR! code SELF_SIGNED_CERT_IN_CHAIN”
  29. npm install that requires node-gyp fails on Windows
  30. npm update check failed

Leave a Comment