Auto add self dependency to npm

[tienchai-ample]

Type: Bug

When I open a package.json file (for npm), it seems that these 2 things happen:

1. a self dependency is added into the package.json file
2. package-lock.json is generated.

This is as-if npm install . was called every time I open a package.json file, on the package.json directory.

Extension version: 0.9.5
VS Code version: Code 1.92.0 (b1c0a14de1414fcdaa400695b4db1c0799bc3124, 2024-07-31T23:26:45.634Z)
OS version: Windows_NT x64 10.0.22631
Modes:

System Info

Item	Value
CPUs	13th Gen Intel(R) Core(TM) i7-1360P (16 x 2611)
GPU Status	2d_canvas: enabled canvas_oop_rasterization: enabled_on direct_rendering_display_compositor: disabled_off_ok gpu_compositing: enabled multiple_raster_threads: enabled_on opengl: enabled_on rasterization: enabled raw_draw: disabled_off_ok skia_graphite: disabled_off video_decode: enabled video_encode: enabled vulkan: disabled_off webgl: enabled webgl2: enabled webgpu: enabled webnn: disabled_off
Load (avg)	undefined
Memory (System)	31.68GB (18.59GB free)
Process Argv	--crash-reporter-id 1fede22c-cab8-45ed-8080-59ceef7a5290
Screen Reader	no
VM	0%

A/B Experiments

vsliv368:30146709
vspor879:30202332
vspor708:30202333
vspor363:30204092
vscorecescf:30445987
vscod805:30301674
binariesv615:30325510
vsaa593cf:30376535
py29gd2263:31024239
c4g48928:30535728
azure-dev_surveyone:30548225
a9j8j154:30646983
962ge761:30959799
pythongtdpath:30769146
welcomedialogc:30910334
pythonnoceb:30805159
asynctok:30898717
pythonregdiag2:30936856
pythonmypyd1:30879173
h48ei257:31000450
pythontbext0:30879054
accentitlementst:30995554
dsvsc016:30899300
dsvsc017:30899301
dsvsc018:30899302
cppperfnew:31000557
dsvsc020:30976470
pythonait:31006305
dsvsc021:30996838
da93g388:31013173
pythoncenvpt:31062603
a69g1124:31058053
dvdeprecation:31068756
dwnewjupytercf:31046870
impr_priority:31102340
refactort:31108082
ccplt:31103426
pythonrstrctxt:31103193
wkspc-onlycs-c:31106320
wkspc-ranged-c:31107834

[Joniras]

I had to enable/disable every extension by hand to find out it is this extension preventing me basically to build my library.
More details from me:
Everytime i alter/open a package.json and delete the line

    "@libraryname/ngx-table": "file:",

it gets added again and prevents me to build.
I alos get the same behaviour in another project where "webapp": "file:" is added (webapp is the name of the folder the project is in).

[pmeske]

I can confirm this Issue with Version v0.9.5

[scoorpion1008]

It seems like you’re encountering an issue where opening a package.json file in Visual Studio Code triggers behavior similar to running npm install ., resulting in a self-dependency being added and a package-lock.json file being generated. This is not the expected behavior when simply opening a file. a few steps you can take to troubleshoot and potentially resolve the issue:

Check for Extension Conflicts: Sometimes, extensions can cause unexpected behavior. Check if you have any extensions related to npm or package management that might be causing this issue1.
Update VS Code and Extensions: Ensure that your VS Code and all extensions are up to date. An outdated extension or VS Code version might have known bugs that have been fixed in later releases.
Review Extension Settings: Look into the settings of your installed extensions to see if there’s an option that might be causing this behavior. Some extensions have features that automatically run npm commands upon certain triggers.
Disable Extensions: Try disabling all extensions and then re-enable them one by one to identify if a specific extension is causing the problem.
Check VS Code Settings: Review your VS Code settings (both user and workspace settings) for any configurations related to npm or scripts that might be running on file open.
Consult VS Code Documentation: The VS Code documentation and community forums can be a valuable resource for troubleshooting issues. You might find others who have experienced similar problems and shared solutions2.
Report the Issue: If none of the above steps help, consider reporting the issue to the VS Code GitHub repository with detailed information about your setup and the steps to reproduce the bug.
Remember to back up your package.json and package-lock.json files before making changes or updates, just in case you need to revert to a previous state. Hopefully, these steps will help you resolve the issue and prevent the unwanted behavior from occurring.

[gian1200]

Is that a bot comment?

---

Regarding the issue, it happens on last version only (0.9.5).

In my case, it happens even when package.json is closed (when git reverting the change or opening VSCode).

As a workaround one can force 0.9.4 or disable the dependency and rollback the changes (I did the 2nd one) until a new version with a fix is released.

[scoorpion1008]

Iam Mexican....lol was just trying to be helpful by providing precise/concise alternatives for troubleshooting the possible issues
and regarding the package. Json it’s good to hear that you’ve identified the issue as being specific to version 0.9.5 of the extension and that you’ve found a workaround forcing 0.9.4 disabling the dependency and rolling back the changes a temporary solution until the extension’s maintainers releases a new version with a fix. i would hit them up with the issue or use code pilot in vscode for a robust suggestion

[yostane]

I also have the above described issue with this additional effect:

• Auto-format of package.json on file open
• Auto-add of self dependency in package-lock.json
• AFAIK No logs anywhere in the output windows. So I had to check extensions one by one to find the culprit

By switching to 0.9.4 the issue disappeared, but I get a warning notification Command failed: npm i --package-lock-only --prefix ...

[GuiRitter]

This is specially annoying after I moved to yarn, as it keeps downloading the dreaded node_modules which I finally managed to get myself rid of...