[BUG] `npm i` after dependabot bumps results in `"peer": true` added to multiple pkgs

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

Every time dependabot bumps stuff (usually ESLint related pkgs) and I locally sync w/ `npm i`, the `package-lock.json` has been adding `peer: "true"` to eslint and acorn (latest example adamlui/ai-web-extensions@122f420)

I believe this started happening when I updated to 11.6.0 or .1

Expected Behavior

`package-lock.json` should remain unchanged when dependency resolution is identical

Steps To Reproduce

  1. Open cmd.exe in Win10
  2. With default npm config
  3. Run `npm i` after a dependabot npm pkg bump
  4. See `package-lock.json` got modified

Environment

  • npm: 11.6.2
  • Node.js: 22.15.0
  • OS Name: Windows 10
  • System Model Name: HP Notebook
  • npm config: default
```
; node bin location = C:\Program Files\nodejs\node.exe
; node version = v22.15.0
; npm local prefix = e:\js\userscripts\.public
; npm version = 11.6.2
; cwd = e:\js\userscripts\.public
; HOME = C:\Users\adaaaam
; Run `npm config ls -l` to show all defaults.
```
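
Added example, not part of the original report and not npm's own code: one way to tell the flag-only lockfile churn described in this issue apart from a real change to a pinned artifact when reviewing a `package-lock.json` diff. The function names and the sample lockfiles are constructed for illustration, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Added example (not npm's code): classify changes between two package-lock.json revisions.
// Assumes the lockfileVersion 2/3 layout with a top-level "packages" map.
const FLAG_KEYS = ['peer', 'dev', 'optional', 'devOptional']; // bookkeeping flags
const PIN_KEYS = ['version', 'resolved', 'integrity'];        // fields that pin the artifact

function classifyLockfileDiff(before, after) {
  const a = before.packages || {};
  const b = after.packages || {};
  const report = { flagOnly: [], pinChanged: [], added: [], removed: [] };
  for (const path of new Set([...Object.keys(a), ...Object.keys(b)])) {
    if (!Object.hasOwn(a, path)) { report.added.push(path); continue; }
    if (!Object.hasOwn(b, path)) { report.removed.push(path); continue; }
    const pins = PIN_KEYS.filter((k) => a[path][k] !== b[path][k]);
    const flags = FLAG_KEYS.filter((k) => a[path][k] !== b[path][k]);
    if (pins.length) report.pinChanged.push({ path, fields: pins });
    else if (flags.length) report.flagOnly.push({ path, fields: flags });
  }
  return report;
}

// True only when every difference is a flag flip, i.e. the pinned tarballs are identical.
function isMetadataOnlyChurn(report) {
  return report.flagOnly.length > 0 && report.pinChanged.length === 0 &&
    report.added.length === 0 && report.removed.length === 0;
}

// Constructed sample data: versions, URLs and integrity strings are placeholders.
const entry = (name, version, extra = {}) => ({
  version,
  resolved: `https://registry.example.invalid/${name}-${version}.tgz`,
  integrity: `sha512-CONSTRUCTED-${name}-${version}`,
  dev: true,
  ...extra,
});
const SAMPLE_BEFORE = { lockfileVersion: 3, packages: {
  'node_modules/eslint': entry('eslint', '1.0.0'),
  'node_modules/acorn': entry('acorn', '1.0.0'),
  'node_modules/example-plugin': entry('example-plugin', '1.0.0'),
} };
const SAMPLE_AFTER = { lockfileVersion: 3, packages: {
  'node_modules/eslint': entry('eslint', '1.0.0', { peer: true }),  // flag added only
  'node_modules/acorn': entry('acorn', '1.0.0', { peer: true }),    // flag added only
  'node_modules/example-plugin': entry('example-plugin', '1.0.1'),  // the actual bump
} };

console.log(JSON.stringify(classifyLockfileDiff(SAMPLE_BEFORE, SAMPLE_AFTER), null, 2));
```

Entries reported under `pinChanged`, `added` or `removed` are the ones that need the usual dependency review; `flagOnly` entries keep the same `version`, `resolved` and `integrity`.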