I'm using the scripts section of the package.json to force resolutions:

"preinstall": "npx npm-force-resolutions"

in the resolutions section, I have entered graceful-fs with a specified version:

"resolutions": {
  "graceful-fs": "^4.2.4",

When I run npm i everything is installed correctly, the set versions are taken into account. But later on when I install an additional module, e.g. npm i random-package, my set versions are being thrown away and I end up with graceful-fs@1.2.3 and other low versions in some dependencies.

If I clear the node_modules folder and run npm i again, everything is alright again.

I also tried setting the resolution more specific, like

"resolutions": {
  "glob/**/graceful-fs": "^4.2.4",

but this doesn't help.

I also tried:

  • adding the module as dependency, devDependency or peerDependency
  • using a shrinkwrap and overriding it there

but no luck.

What am I missing?

    I don't think there is no other way around it until you move away from those packages that depend on it or those packages get updated. – Leo Fisher Jan 12, 2021 at 19:04

    I don't have an answer, but I can save you some time. What works for me - I don't have to clear node_modules folder after installing the package. All I have to do is type npm i afterwards and it does the fixes. Still annoying, but at least you don't have to clear the entire folder first. – dgo May 26, 2021 at 16:29

    Best way is to change the preinstall script to this:

    "preinstall": "([ ! -f package-lock.json ] && npm install --package-lock-only --ignore-scripts --no-audit); npx npm-force-resolutions"
    

    This will only run npm install to create your initial package-lock.json when it does not exist yet.
    This is much faster than always running both (npm + npx).

    As of npm 8.3.0, you can also use npm's override:

    "overrides": { "graceful-fs": "^4.2.4" }

    I've found that with extreme cases (specifying a tarball version à la stackoverflow.com/a/69591894/132735) the preinstall route didn't work and ended up running npx npm-force-resolutions manually and pushing the changed lockfile – Dr1Ku Nov 12, 2021 at 9:49

    Hi @NthDegree, the only way which worked for me was to first run the normal npm install and then add the package-lock.json file to git. After doing that, when you add "preinstall": "npx npm-force-resolutions", it always updates the dependency resolution to the version mentioned.

    I am not sure if adding the package-lock.json file to git is good or bad, but by using this method the CI/CD pipeline works as well.

    package-lock.json is meant to be in source control. See stackoverflow.com/a/44210813/1183010. Furthermore, see my answer for a minor tweak to the preinstall script solving the 'package-lock.json doesn't exist' issue. – R. Oosterholt Nov 18, 2021 at 16:49

    If all of the above answers don't work and you still get sh: npm-force-resolutions: command not found try the following:

    Just change:

    "preinstall": "npx npm-force-resolutions"

    to:

    "preinstall": "npx force-resolutions"

    npx force-resolutions does not run when no package-lock.json is detected, and allows the next command inline to be executed as normal.

    Credit to: https://github.com/rogeriochaves/npm-force-resolutions/issues/10#issuecomment-885458937
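A check that could run in CI after any npm i <package> to catch the drift described in the question, where a nested graceful-fs silently falls back to an old version in the lockfile. This is an added example, not code from the question, the answers, or npm-force-resolutions; the function names and the sample lockfile are constructed for illustration, and only caret ranges such as ^4.2.4 (major version 1 or higher) are handled.

```javascript
// Assumption: ranges look like ^MAJOR.MINOR.PATCH; prerelease tags are ignored.
function satisfiesCaret(version, range) {
  const want = range.replace(/^\^/, "").split(".").map(Number);
  const have = version.split("-")[0].split(".").map(Number);
  if (have[0] !== want[0]) return false;            // caret pins the major version
  if (have[1] !== want[1]) return have[1] > want[1];
  return have[2] >= want[2];
}

// lock: parsed package-lock.json; resolutions: the "resolutions" or "overrides" map.
function findViolations(lock, resolutions) {
  const found = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const range = resolutions[name];
    if (range && entry.version && !satisfiesCaret(entry.version, range)) {
      found.push({ path, version: entry.version, wanted: range });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const range = resolutions[name];
      if (range && !satisfiesCaret(entry.version, range)) {
        const path = trail.concat(name).join(" > ");
        found.push({ path, version: entry.version, wanted: range });
      }
      walk(entry.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return found;
}

// Constructed sample lockfile: the top-level copy is pinned, a nested copy is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/graceful-fs": { version: "4.2.4" },
    "node_modules/glob": { version: "3.2.11" },
    "node_modules/glob/node_modules/graceful-fs": { version: "1.2.3" },
  },
};
const violations = findViolations(sampleLock, { "graceful-fs": "^4.2.4" });
console.log(violations); // a non-empty list should fail the build
```

In a real project, pass the parsed contents of package-lock.json and the resolutions (or overrides) object from package.json instead of the sample data.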
