[BUG] npm always writes a repository name into the package-lock.json file when not specified in package.json (lock file changes depending on local repository name)

[Standard8]

Is there an existing issue for this?

• I have searched the existing issues

This issue exists in the latest npm version

• I am using the latest npm

Current Behavior

When I create a package.json that does not have a name value, then npm automatically adds a name field depending on the local repository directory name.

This causes additional, unexpected changes, when different developers update the installed packages. It also may cause confusion that the package.json does not specify a name, but the lock file does.

#2264 was the original version of this, but has been closed, and unfortunately the issue does not appear to be fully resolved

Expected Behavior

Since the name property is optiona, there should be no top-level name property in the package-lock.json file if one is not specified in the package.json file.

Steps To Reproduce

1. Run $ mkdir npmtest && cd npmtest
2. Create a package.json file with the content:

{}

3. Run $ npm install
4. Examine the created package-lock.json file.

=> The package-lock.json file contains a "name": "npmtest", line at the top-level.

5. Rename the directory ($ cd .. && mv npmtest npmtest1)
6. Run $npm install again

=> The package-lock.json file now contains "name": "npmtest1", at the top-level.

Environment

• npm: 11.0.0
• Node.js: 23.5.0
• OS Name: macOS
• System Model Name:
• npm config:

; "user" config from /Users/mark/.npmrc

; node bin location = /opt/homebrew/Cellar/node/23.5.0/bin/node
; node version = v23.5.0
; npm local prefix = /Users/mark/dev/npmtest
; npm version = 11.0.0
; cwd = /Users/mark/dev/npmtest1
; HOME = /Users/mark