If both package-lock.json and npm-shrinkwrap.json are present in the root ofĪ package, package-lock.json will be completely ignored. Otherwise using the publication process for producing production packages. This is not recommended unless deploying a CLI tool or It sharesĪ format with npm-shrinkwrap.json, which is essentially the same file, butĪllows publication.
Will be ignored if found in any place other than the toplevel package. One key detail about package-lock.json is that it cannot be published, and it To facilitate greater visibility of tree changes through readable source control diffs.Īnd optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages. Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself. This file is intended to be committed into source repositories, and servesĭescribe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies. Generate identical trees, regardless of intermediate dependency updates. It describes theĮxact tree that was generated, such that subsequent installs are able to Modifies either the node_modules tree, or package.json. Package-lock.json is automatically generated for any operations where npm
If you're using npm 5+, you may see this notice on the command line: created a lockfile as package-lock.json. Yes, package-lock.json is intended to be checked into source control.
0 kommentar(er)
