nodejs · npm-cli-bot · Jan 21, 2026
diff --git a/deps/npm/docs/content/commands/npm-dedupe.md b/deps/npm/docs/content/commands/npm-dedupe.md
@@ -48,7 +48,7 @@ a
 ```
 
 During the installation process, the `c@1.0.3` dependency for `b` was placed in the root of the tree.
-Though `d`'s dependency on `c@1.x` could have been satisfied by `c@1.0.3`, the newer `c@1.9.0` dependency was used, because npm favors updates by default, even when doing so causes duplication.
+Though `d`'s dependency on `c@1.x` could have been satisfied by `c@1.0.3`, the newer `c@1.9.9` dependency was used, because npm favors updates by default, even when doing so causes duplication.
 
 Running `npm dedupe` will cause npm to note the duplication and re-evaluate, deleting the nested `c` module, because the one in the root is sufficient.
 

diff --git a/deps/npm/docs/content/commands/npm-install.md b/deps/npm/docs/content/commands/npm-install.md
@@ -23,6 +23,18 @@ If the package has a package-lock, or an npm shrinkwrap file, or a yarn lock fil
 
 See [package-lock.json](/configuring-npm/package-lock-json) and [`npm shrinkwrap`](/commands/npm-shrinkwrap).
 
+#### How `npm install` uses `package-lock.json`
+
+When you run `npm install` without arguments, npm compares `package.json` and `package-lock.json`:
+
+* **If the lockfile's resolved versions satisfy the `package.json` ranges:** npm uses the exact versions from `package-lock.json` to ensure reproducible builds across environments.
+
+* **If the ranges don't match:** npm resolves new versions that satisfy the `package.json` ranges and updates `package-lock.json` accordingly. This happens when you modify version ranges in `package.json` (e.g., changing `^7.0.0` to `^8.0.0`). Note that changing a range within the same major version (e.g., `^7.0.0` to `^7.1.0`) will only update the metadata in the lockfile if the currently installed version still satisfies the new range.
+
+In essence, `package-lock.json` locks your dependencies to specific versions, but `package.json` is the source of truth for acceptable version ranges. When the lockfile's versions satisfy the `package.json` ranges, the lockfile wins. When they conflict, `package.json` wins and the lockfile is updated.
+
+If you want to install packages while ensuring that `package.json` is not modified and that both files are strictly in sync, use [`npm ci`](/commands/npm-ci) instead.
+
 A `package` is:
 
 * a) a folder containing a program described by a [`package.json`](/configuring-npm/package-json) file

diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md
@@ -23,7 +23,7 @@ Note that nested packages will *also* show the paths to the specified packages.
 For example, running `npm ls promzard` in npm's source tree will show:
 
 ```bash
-npm@11.7.0 /path/to/npm
+npm@11.8.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 ```

diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md
@@ -14,7 +14,7 @@ Note: This command is unaware of workspaces.
 
 ### Version
 
-11.7.0
+11.8.0
 
 ### Description
 

diff --git a/deps/npm/docs/output/commands/npm-access.html b/deps/npm/docs/output/commands/npm-access.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-access----1170">
+<h1 id="----npm-access----1180">
     <span>npm-access</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Set access level on published packages</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-adduser.html b/deps/npm/docs/output/commands/npm-adduser.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-adduser----1170">
+<h1 id="----npm-adduser----1180">
     <span>npm-adduser</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Add a registry user account</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-audit.html b/deps/npm/docs/output/commands/npm-audit.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-audit----1170">
+<h1 id="----npm-audit----1180">
     <span>npm-audit</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Run a security audit</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-bugs.html b/deps/npm/docs/output/commands/npm-bugs.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-bugs----1170">
+<h1 id="----npm-bugs----1180">
     <span>npm-bugs</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Report bugs for a package in a web browser</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-cache.html b/deps/npm/docs/output/commands/npm-cache.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-cache----1170">
+<h1 id="----npm-cache----1180">
     <span>npm-cache</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Manipulates packages cache</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-ci----1170">
+<h1 id="----npm-ci----1180">
     <span>npm-ci</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Clean install a project</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-completion.html b/deps/npm/docs/output/commands/npm-completion.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-completion----1170">
+<h1 id="----npm-completion----1180">
     <span>npm-completion</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Tab Completion for npm</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-config.html b/deps/npm/docs/output/commands/npm-config.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-config----1170">
+<h1 id="----npm-config----1180">
     <span>npm-config</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Manage the npm configuration files</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-dedupe.html b/deps/npm/docs/output/commands/npm-dedupe.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-dedupe----1170">
+<h1 id="----npm-dedupe----1180">
     <span>npm-dedupe</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Reduce duplication in the package tree</span>
 </header>
@@ -182,7 +182,7 @@ <h3 id="description">Description</h3>
     `-- c@1.9.9
 </code></pre>
 <p>During the installation process, the <code>c@1.0.3</code> dependency for <code>b</code> was placed in the root of the tree.
-Though <code>d</code>'s dependency on <code>c@1.x</code> could have been satisfied by <code>c@1.0.3</code>, the newer <code>c@1.9.0</code> dependency was used, because npm favors updates by default, even when doing so causes duplication.</p>
+Though <code>d</code>'s dependency on <code>c@1.x</code> could have been satisfied by <code>c@1.0.3</code>, the newer <code>c@1.9.9</code> dependency was used, because npm favors updates by default, even when doing so causes duplication.</p>
 <p>Running <code>npm dedupe</code> will cause npm to note the duplication and re-evaluate, deleting the nested <code>c</code> module, because the one in the root is sufficient.</p>
 <p>To prefer deduplication over novelty during the installation process, run <code>npm install --prefer-dedupe</code> or <code>npm config set prefer-dedupe true</code>.</p>
 <p>Arguments are ignored.

diff --git a/deps/npm/docs/output/commands/npm-deprecate.html b/deps/npm/docs/output/commands/npm-deprecate.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-deprecate----1170">
+<h1 id="----npm-deprecate----1180">
     <span>npm-deprecate</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Deprecate a version of a package</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-diff.html b/deps/npm/docs/output/commands/npm-diff.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-diff----1170">
+<h1 id="----npm-diff----1180">
     <span>npm-diff</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">The registry diff command</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-dist-tag.html b/deps/npm/docs/output/commands/npm-dist-tag.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-dist-tag----1170">
+<h1 id="----npm-dist-tag----1180">
     <span>npm-dist-tag</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Modify package distribution tags</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-docs.html b/deps/npm/docs/output/commands/npm-docs.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-docs----1170">
+<h1 id="----npm-docs----1180">
     <span>npm-docs</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Open documentation for a package in a web browser</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-doctor.html b/deps/npm/docs/output/commands/npm-doctor.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-doctor----1170">
+<h1 id="----npm-doctor----1180">
     <span>npm-doctor</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Check the health of your npm environment</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-edit.html b/deps/npm/docs/output/commands/npm-edit.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-edit----1170">
+<h1 id="----npm-edit----1180">
     <span>npm-edit</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Edit an installed package</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-exec.html b/deps/npm/docs/output/commands/npm-exec.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-exec----1170">
+<h1 id="----npm-exec----1180">
     <span>npm-exec</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Run a command from a local or remote npm package</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-explain.html b/deps/npm/docs/output/commands/npm-explain.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-explain----1170">
+<h1 id="----npm-explain----1180">
     <span>npm-explain</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Explain installed packages</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-explore.html b/deps/npm/docs/output/commands/npm-explore.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-explore----1170">
+<h1 id="----npm-explore----1180">
     <span>npm-explore</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Browse an installed package</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-find-dupes.html b/deps/npm/docs/output/commands/npm-find-dupes.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-find-dupes----1170">
+<h1 id="----npm-find-dupes----1180">
     <span>npm-find-dupes</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Find duplication in the package tree</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-fund.html b/deps/npm/docs/output/commands/npm-fund.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-fund----1170">
+<h1 id="----npm-fund----1180">
     <span>npm-fund</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Retrieve funding information</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-help-search.html b/deps/npm/docs/output/commands/npm-help-search.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-help-search----1170">
+<h1 id="----npm-help-search----1180">
     <span>npm-help-search</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Search npm help documentation</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-help.html b/deps/npm/docs/output/commands/npm-help.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-help----1170">
+<h1 id="----npm-help----1180">
     <span>npm-help</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Get help on npm</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-init.html b/deps/npm/docs/output/commands/npm-init.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-init----1170">
+<h1 id="----npm-init----1180">
     <span>npm-init</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Create a package.json file</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-install-ci-test----1170">
+<h1 id="----npm-install-ci-test----1180">
     <span>npm-install-ci-test</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Install a project with a clean slate and run tests</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-install-test.html b/deps/npm/docs/output/commands/npm-install-test.html
@@ -141,9 +141,9 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-install-test----1170">
+<h1 id="----npm-install-test----1180">
     <span>npm-install-test</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Install package(s) and run tests</span>
 </header>

diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html
@@ -141,16 +141,16 @@
 
 <section id="content">
 <header class="title">
-<h1 id="----npm-install----1170">
+<h1 id="----npm-install----1180">
     <span>npm-install</span>
-    <span class="version">@11.7.0</span>
+    <span class="version">@11.8.0</span>
 </h1>
 <span class="description">Install a package</span>
 </header>
 
 <section id="table_of_contents">
 <h2 id="table-of-contents">Table of contents</h2>
-<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><li><a href="#configuration">Configuration</a></li><ul><li><a href="#save"><code>save</code></a></li><li><a href="#save-exact"><code>save-exact</code></a></li><li><a href="#global"><code>global</code></a></li><li><a href="#install-strategy"><code>install-strategy</code></a></li><li><a href="#legacy-bundling"><code>legacy-bundling</code></a></li><li><a href="#global-style"><code>global-style</code></a></li><li><a href="#omit"><code>omit</code></a></li><li><a href="#include"><code>include</code></a></li><li><a href="#strict-peer-deps"><code>strict-peer-deps</code></a></li><li><a href="#prefer-dedupe"><code>prefer-dedupe</code></a></li><li><a href="#package-lock"><code>package-lock</code></a></li><li><a href="#package-lock-only"><code>package-lock-only</code></a></li><li><a href="#foreground-scripts"><code>foreground-scripts</code></a></li><li><a href="#ignore-scripts"><code>ignore-scripts</code></a></li><li><a href="#audit"><code>audit</code></a></li><li><a href="#before"><code>before</code></a></li><li><a href="#bin-links"><code>bin-links</code></a></li><li><a href="#fund"><code>fund</code></a></li><li><a href="#dry-run"><code>dry-run</code></a></li><li><a href="#cpu"><code>cpu</code></a></li><li><a href="#os"><code>os</code></a></li><li><a href="#libc"><code>libc</code></a></li><li><a href="#workspace"><code>workspace</code></a></li><li><a href="#workspaces"><code>workspaces</code></a></li><li><a href="#include-workspace-root"><code>include-workspace-root</code></a></li><li><a href="#install-links"><code>install-links</code></a></li></ul><li><a href="#algorithm">Algorithm</a></li><li><a href="#see-also">See Also</a></li></ul></div>
+<div id="_table_of_contents"><ul><li><a href="#synopsis">Synopsis</a></li><li><a href="#description">Description</a></li><ul><li><a href="#how-npm-install-uses-package-lockjson">How <code>npm install</code> uses <code>package-lock.json</code></a></li></ul><li><a href="#configuration">Configuration</a></li><ul><li><a href="#save"><code>save</code></a></li><li><a href="#save-exact"><code>save-exact</code></a></li><li><a href="#global"><code>global</code></a></li><li><a href="#install-strategy"><code>install-strategy</code></a></li><li><a href="#legacy-bundling"><code>legacy-bundling</code></a></li><li><a href="#global-style"><code>global-style</code></a></li><li><a href="#omit"><code>omit</code></a></li><li><a href="#include"><code>include</code></a></li><li><a href="#strict-peer-deps"><code>strict-peer-deps</code></a></li><li><a href="#prefer-dedupe"><code>prefer-dedupe</code></a></li><li><a href="#package-lock"><code>package-lock</code></a></li><li><a href="#package-lock-only"><code>package-lock-only</code></a></li><li><a href="#foreground-scripts"><code>foreground-scripts</code></a></li><li><a href="#ignore-scripts"><code>ignore-scripts</code></a></li><li><a href="#audit"><code>audit</code></a></li><li><a href="#before"><code>before</code></a></li><li><a href="#bin-links"><code>bin-links</code></a></li><li><a href="#fund"><code>fund</code></a></li><li><a href="#dry-run"><code>dry-run</code></a></li><li><a href="#cpu"><code>cpu</code></a></li><li><a href="#os"><code>os</code></a></li><li><a href="#libc"><code>libc</code></a></li><li><a href="#workspace"><code>workspace</code></a></li><li><a href="#workspaces"><code>workspaces</code></a></li><li><a href="#include-workspace-root"><code>include-workspace-root</code></a></li><li><a href="#install-links"><code>install-links</code></a></li></ul><li><a href="#algorithm">Algorithm</a></li><li><a href="#see-also">See Also</a></li></ul></div>
 </section>
 
 <div id="_content"><h3 id="synopsis">Synopsis</h3>
@@ -167,6 +167,18 @@ <h3 id="description">Description</h3>
 <li><code>yarn.lock</code></li>
 </ul>
 <p>See <a href="../configuring-npm/package-lock-json.html">package-lock.json</a> and <a href="../commands/npm-shrinkwrap.html"><code>npm shrinkwrap</code></a>.</p>
+<h4 id="how-npm-install-uses-package-lockjson">How <code>npm install</code> uses <code>package-lock.json</code></h4>
+<p>When you run <code>npm install</code> without arguments, npm compares <code>package.json</code> and <code>package-lock.json</code>:</p>
+<ul>
+<li>
+<p><strong>If the lockfile's resolved versions satisfy the <code>package.json</code> ranges:</strong> npm uses the exact versions from <code>package-lock.json</code> to ensure reproducible builds across environments.</p>
+</li>
+<li>
+<p><strong>If the ranges don't match:</strong> npm resolves new versions that satisfy the <code>package.json</code> ranges and updates <code>package-lock.json</code> accordingly. This happens when you modify version ranges in <code>package.json</code> (e.g., changing <code>^7.0.0</code> to <code>^8.0.0</code>). Note that changing a range within the same major version (e.g., <code>^7.0.0</code> to <code>^7.1.0</code>) will only update the metadata in the lockfile if the currently installed version still satisfies the new range.</p>
+</li>
+</ul>
+<p>In essence, <code>package-lock.json</code> locks your dependencies to specific versions, but <code>package.json</code> is the source of truth for acceptable version ranges. When the lockfile's versions satisfy the <code>package.json</code> ranges, the lockfile wins. When they conflict, <code>package.json</code> wins and the lockfile is updated.</p>
+<p>If you want to install packages while ensuring that <code>package.json</code> is not modified and that both files are strictly in sync, use <a href="../commands/npm-ci.html"><code>npm ci</code></a> instead.</p>
 <p>A <code>package</code> is:</p>
 <ul>
 <li>a) a folder containing a program described by a <a href="../configuring-npm/package-json.html"><code>package.json</code></a> file</li>
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. @@
     ### Version
-.7.0
+.8.0
     ### Description
@@ Expand Down @@