Just created a new project from scratch. It defaulted to node v8.1.x and npm v5 which is great.
However, adding packages to the package.json file (either manually or by using the great “Add Package” button, does not update the corresponding package-lock.json file, and so the dependency is not actually installed.
For instance, adding node-fetch as a dependency using Add Package seems to “work” (succeeds without errors), but writing require('node-fetch') in server.js fails with a “module not found.”
This was quite confusing and hard to debug! Is there a new “proper” way to add packages and update the lockfile? My workaround was to simply delete package-lock.json and ignore the warnings that the auto-npm-install script generates in the logs.
I’m guessing they’ll need to update the install.sh script they run when package.json is updated to delete the lockfile prior to running npm install.
Or, I guess, add a preinstall script of
"preinstall": "rm package-lock.json",
to the default package.json.
Hi @nfarina, @shindakun,
we’ve just pushed a fix, thanks for reporting!
Unfortunately we have to disable package-lock.json entirely for now, as npm install would both create a package-lock.json and modify package.json, possibly sending the editor out of sync.
So yes, for now we delete package-lock.json and use npm install --no-save.
Sorry for the inconvenience! Let us know if this fixes your issues 
2 Likes
Makes sense, thanks for jumping on this so quickly!
Indeed, it did fix the issue - I created a new test project, added a new dependency and everything worked as expected.
Cheers!