What happened?
package-lock.json in v0.74.0 is missing resolved/integrity fields for many registry packages.
This breaks offline/reproducible npm consumers such as Nix buildNpmPackage: the dependency cache is incomplete, then offline npm ci fails with ENOTCACHED for packages like @anthropic-ai/sdk, @types/node, or undici-types.
This appears to start at 551385e4 (chore: migrate packages to earendil works scope). Both parents of that merge had complete registry metadata.
Steps to reproduce
If I advance the release in https://github.com/pusherofbrooms/pi-mono-nix to upstream v0.74.0, and build (after updating the hashes, the build fails with a ENOTCACHED error.
In order to build properly now, we must provide our own package lock file with the necessary fields.
Expected behavior
With the resolved and integrity fields, nix build with v0.74.0 builds without issue.
I'd be happy to attempt a PR but I feel like that package lock is generated automatically.
Version
0.74.0 / main
What happened?
package-lock.json in v0.74.0 is missing resolved/integrity fields for many registry packages.
This breaks offline/reproducible npm consumers such as Nix
buildNpmPackage: the dependency cache is incomplete, then offlinenpm cifails withENOTCACHEDfor packages like@anthropic-ai/sdk,@types/node, orundici-types.This appears to start at
551385e4(chore: migrate packages to earendil works scope). Both parents of that merge had complete registry metadata.Steps to reproduce
If I advance the release in https://github.com/pusherofbrooms/pi-mono-nix to upstream v0.74.0, and build (after updating the hashes, the build fails with a
ENOTCACHEDerror.In order to build properly now, we must provide our own package lock file with the necessary fields.
Expected behavior
With the resolved and integrity fields,
nix buildwith v0.74.0 builds without issue.I'd be happy to attempt a PR but I feel like that package lock is generated automatically.
Version
0.74.0 / main