Order of "dependencies" object keys is being randomized

[jruales]

I'm using npm version 8.1.2, which uses "lockfileVersion": 2 for the package-lock.json. I notice that when running npx npm-force-resolutions, the dictionary under root -> "packages" -> "" in the package-lock.json now has keys in a random order instead of the alphabetical order it used to have. It would be better if the items are in the same, alphabetical order so that it's easier to compare diffs. In fact, when I look at the diff view, the entire file looks like it changed, since many things moved around.

[jruales]

Here you can see some of the diff:

[mwallace72]

I am seeing this as well, and it's generating a lot of churn in the file.

Specifically, fresh installs (empty node_modules) of the configured project ends up with a lock file that lists the dependencies in a seemingly randomized order.
In a non-fresh install (populated node_modules), installing a new dependency with npm install results in re-sorting the dependencies correctly, and does not run the preinstall: npx npm-force-resolutions at all. If you then run npx npm-force-resolutions after, it "fixes" the sorting discrepancy (i.e. changing the order back to whatever force-resolutions is using).

[magtutu]

It would be really awesome if this were addressed. I think the performance hit for either sorting or leaving the original sort order would be acceptable given how many teams are using this.

[joshuaeilers]

Happening to us as well. Removing this dependency for our preinstall prevents this dep re-order in npm install