What does "requires: true" do in package-lock.json

Question

Our team just updated to npm@5. The package-lock.json was unified between Windows and Mac (certain dependencies are optional so they don't get installed on Windows, but they do on Mac) so that no matter the machine, we'd generate the same node_modules structure. That went fine, then each of the team members went through the following steps:

1. rm -rf node_modules
2. git pull
3. npm install

This actually went perfectly for all team members except for one, who had a modified package-lock.json after the npm install. The one modified line was that it removed "requires": true.

So I saw:

{
  ...
  "version": "0.0.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
  ...
}

But he saw:

{
  ...
  "version": "0.0.1",
  "lockfileVersion": 1,
  "dependencies": {
  ...
}

Does anybody know why requires: true might be removed from the package-lock.json file on some machines but not others? Also, a little explanation of what this property does wouldn't hurt. :)

Thanks in advance!

Answer 1

As I suspected in my comments, the requires field has been added since 5.1.0. You can see the related pull request here https://github.com/npm/npm/pull/17508 (changelog visible here https://github.com/npm/npm/releases/tag/v5.1.0)

To quote what it says:

This has a handful of fixes:

1. It introduces a new package-lock.json field, called requires, which tracks which modules a given module requires.
2. .....

To avoid these kind of conflict, I advise you (and myself as well) to ensure all your team mate are using the same npm version.

UPDATE

After upgrading npm to version 5.1.0, I was having trouble with missing dependencies (working on an Angular 4 application). If anyone is experiencing the same issue, here is what I did to solve it:

rm -rf node_modules
npm prune
npm install

Hope it helps.