Description

npm 5, even the version included in the latest Node.js 8.5.0 re-generates package-lock.json on each install. And when it does on a system that doesn't support all the optional dependencies that are supported on the OS where the lockfile was generated, it removes those optional deps from the lockfile.

The effect is that everyone firing npm install on our repo on any OS other than macOS will immediately get a dirty state of the repo as the fsevents dependency subtree gets removed from package-lock.json. That's a really bad experience.

Link to test case