package-lock.json file has erroneous resolved = false fields

[infinisil]

Description:

The package-lock.json file contains lines of the form

Rocket.Chat/package-lock.json

Lines 2991 to 2995 in f2f73af

	"abbrev": {
	"version": "1.1.1",
	"resolved": false,
	"integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q=="
	},

Where the resolved field doesn't actually point to the resolved URI, but is just false. This prevents certain tools, such as node2nix in my case, from being able to use the lock file to fully resolve dependencies.

I found this issue which mentions such a problem: https://npm.community/t/npm-install-or-npm-update-turns-a-bunch-of-resolved-in-package-lock-json-from-real-values-to-false/3308, but without any good solutions other than rm -rf node_modules && npm install.

It would be great if this problem could at least be temporarily fixed on the 2.0.0 release branch.

Expected behavior:

package-lock.json should point all resolved fields to URI's

Actual behavior:

Some URI's are false

[infinisil]

For now I was able to write a hacky jq script to fix it:

cat package-lock.json | jq 'walk(if type == "object" then with_entries(if (.value | type) == "object" and .value.resolved == false then .value.resolved = "https://registry.npmjs.org/\(.key)/-/\(.key)-\(.value.version).tgz" else . end) else . end)' > package-lock-new.json

[muelli]

FWIW: There are some other people reporting this behaviour, e.g.
https://npm.community/t/npm-install-or-npm-update-turns-a-bunch-of-resolved-in-package-lock-json-from-real-values-to-false/3308
or
https://npm.community/t/constant-resolved-false-toggle/276

[Noste]

Is there an explanation about why this is happening ?

[jgreen210]

At least two people (probably more) in my team are seeing this. We've been on npm 6.13.4 for a while, and have started seeing false values appearing in the last few weeks I think (for me, it started today).

For me, removing node_modules isn't helping. The package.json file in the one package I looked at had a URL for _resolved, not false.

[jgreen210]

I've never used npm link.

[jgreen210]

Oops. This isn't the npm project. Oh well.

I've never used RocketChat.

[sampaiodiego]

there are no more "resolved": false but if that happens to some of you, you can try the following npm/npm#20106 (comment)