npm install changed the package-lock resolved for some packages from registry.npmjs.org to registry.yarnpkg.com

Question

I am using npm 6

❯ npm -v
6.14.11

and the registry is set to

❯ npm config get registry
https://registry.npmjs.org/

❯ cat  ~/.npmrc
registry=https://registry.npmjs.org/

removing the package-lock.json(should not be needed) file and running npm install generates some values that load from yarnpkg registry

example

"deep-is": {
      "version": "0.1.3",
      "resolved": "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz",
      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
      "dev": true
    },

why is that? and why is my registry preference not respected?

Answer 1

I am running npm -v 6.14.15

Perhaps you didn't remove the node_modules folder before doing an install? Apparently the registry value from node_modules will override anything from the package-lock.json.

You should change the registry values inside of the package-lock.json, delete node_modules folder, and then do an npm i.

Answer 2

npm install respects the package-lock. It won't update it unless you're adding/updating a package (which you've done in the past after configuring the new registry, resulting in some entries with the new registry).

If you're interested in updating your package-lock to use the new registry for all deps, see this question.