[BUG] npm i always pretends it "added 4 packages"

[targos]

Current Behavior:

With the provided reproduction steps, everytime npm i is executed, the output is:

added 4 packages, and audited 1729 packages in 2s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Expected Behavior:

Since the dependencies were previously installed with npm ci, npm i should be a no-op.

Steps To Reproduce:

See https://github.com/targos/npm7-cra#issue-3-npm-i-always-pretends-it-added-4-packages

Environment:

• OS: CentOS 8, Windows 10
• Node: 14.11.0
• npm: 7.0.0-beta.11

[isaacs]

Do you still see this with the latest v7 release? I can't reproduce this one.

[targos]

I see this with v7.0.0-beta.11. Is there a more recent version?

Full output of the repro:

# in ~/git/targos/npm7-cra on git:main o [16:18:21] 
$ git clean -fdx
Removing node_modules/

# in ~/git/targos/npm7-cra on git:main o [16:18:26] 
$ npm ci
npm WARN Error: Unsupported engine 
npm WARN deprecated @types/[email protected]: This is a stub types definition. testing-library__dom provides its own type definitions, so you do not need this installed.
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: use String.prototype.padStart()
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: joi is leaving the @hapi organization and moving back to 'joi' (https://github.com/sideway/joi/issues/2411)
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

added 1733 packages, and audited 1729 packages in 6s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

# in ~/git/targos/npm7-cra on git:main x [16:18:38] 
$ npm i

added 4 packages, and audited 1729 packages in 2s

69 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

[ruyadorno]

ah, it has to do with optional dependencies @isaacs, easy to reproduce with --no-optional:

[email protected] ~/tmp/test-cra-01 npm i --no-optional
npm WARN deprecated @types/[email protected]: This is a stub types definition. testing-library__dom provides its own type definitions, so you do not need this installed.
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: use String.prototype.padStart()
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: joi is leaving the @hapi organization and moving back to 'joi' (https://github.com/sideway/joi/issues/2411)
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

added 1995 packages, and audited 1901 packages in 34s

68 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
[email protected] ~/tmp/test-cra-01 npm i --no-optional

added 94 packages, and audited 1901 packages in 2s

68 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

[ruyadorno]

Hi @targos thanks for reporting this one! 😄 It should now be fixed in latest beta release: v7.0.0-beta.13

Let us know in case you find more issues, these were super helpful 😊 Thanks again!