[BUG] package-lock issues with workspaces

[targos]

Current Behavior:

After installing the dependencies in an npm workspace for the first time, running npm install a second time changes the package-lock.json:

1. Some dependencies are removed from it
2. The "name" field of the sub-packages is set (it wasn't present on the first install)

Expected Behavior:

Running npm install right after creation of the package-lock.json shouldn't change it.

Steps To Reproduce:

You can reproduce with the following repo: the last commit contains the package-lock.json created by the first npm install --legacy-peer-deps call.

git clone https://github.com/targos/npm-workspace-lock.git
cd npm-workspace-lock
npm install
git diff

Environment:

• OS: Windows 10
• Node: 15.7.0
• npm: 7.5.1

[AviVahl]

This issue has been driving me crazy, heh.

On my repo (ts-tools) it doesn't remove any dependencies on the second run, but does add the "name" field of all local packages.

I end up running git clean -fdx && rm package-lock.json && npm i && git clean -fdx && npm i every time I want to regenerate my lock file from scratch. The second git clean -fdx && npm i is to ensure lock file is "final".

[darcyclarke]

@targos can you try the latest v7 & see if this is still reproducible? (ie. npm i -g npm@7)

[targos]

@darcyclarke It is still reproducible with npm v7.5.1.

I pushed a new commit to the repro that corresponds to the state after rm -rf node_modules && rm package-lock.json && npm install.
Running npm install after that results in:

> npm i

removed 36 packages, and audited 1810 packages in 2s

129 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

And there's a similar diff as before (removed packages + added "name" fields)

[targos]

I also just realized that the second npm install seems to remove the packages that have "extraneous": true, in the lock file.