I'm opening this issue because:

• npm is crashing.
• npm is producing an incorrect install.
• npm is doing something I don't understand.
• Other (see below for feature requests):

What's going wrong?

If package-lock.json is .gitignored, npm version will abort at the git add package-lock.json step and not do a version commit + tag.

14:01 $ npm version major
v1.0.0
npm ERR! code 1
npm ERR! Command failed: git add /.../package-lock.json
npm ERR! The following paths are ignored by one of your .gitignore files:
npm ERR! package-lock.json
npm ERR! Use -f if you really want to add them.
npm ERR!

I know you recommend commiting package-lock.json even for libraries, but there are also a lot of reasons that speak against it (false sense of security, mostly targeting older versions, ...). It should be up for the user to decide, at most print a warning, not fail npm version.

How can the CLI team reproduce the problem?

• add package-lock.json to .gitignore
• run npm version

supporting information:

• npm -v prints: 5.0.3
• node -v prints: 8.0.0
• npm config get registry prints: standard
• Windows, OS X/macOS, or Linux?: macos
• Network issues:
  • Geographic location where npm was run:
  • I use a proxy to connect to the npm registry.
  • I use a proxy to connect to the web.
  • I use a proxy when downloading Git repos.
  • I access the npm registry via a VPN
  • I don't use a proxy, but have limited or unreliable internet access.
• Container:
  • I develop using Vagrant on Windows.
  • I develop using Vagrant on OS X or Linux.
  • I develop / deploy using Docker.
  • I deploy to a PaaS (Triton, Heroku).