package-lock.docx - package-lock.json A manifestation of...

This preview shows page 1 - 3 out of 6 pages.

package-lock.jsonA manifestation of the manifestVersion 8.x (Current release)Table of contentsDescriptionpackage-lock.json vs npm-shrinkwrap.jsonHidden LockfilesHandling Old LockfilesFile FormatonameoversionolockfileVersionopackagesodependenciesSee alsoDescriptionpackage-lock.jsonis automatically generated for any operations where npmmodifies either thenode_modulestree, orpackage.json. It describes the exacttree that was generated, such that subsequent installs are able to generateidentical trees, regardless of intermediate dependency updates.This file is intended to be committed into source repositories, and servesvarious purposes:Describe a single representation of a dependency tree such thatteammates, deployments, and continuous integration are guaranteedto install exactly the same dependencies.Provide a facility for users to "time-travel" to previous statesofnode_moduleswithout having to commit the directory itself.Facilitate greater visibility of tree changes through readable sourcecontrol diffs.Optimize the installation process by allowing npm to skip repeatedmetadata resolutions for previously-installed packages.As of npm v7, lockfiles include enough information to gain a completepicture of the package tree, reducing the need to
readpackage.jsonfiles, and allowing for significant performanceimprovements.package-lock.jsonvsnpm-shrinkwrap.jsonBoth of these files have the same format, and perform similar functions inthe root of a project.The difference is thatpackage-lock.jsoncannot be published, and it will beignored if found in any place other than the root project.In contrast,npm-shrinkwrap.jsonallows publication, and defines thedependency tree from the point encountered. This is not recommendedunless deploying a CLI tool or otherwise using the publication process forproducing production packages.If bothpackage-lock.jsonandnpm-shrinkwrap.jsonare present in the root of aproject,npm-shrinkwrap.jsonwill take precedence andpackage-lock.jsonwill beignored.Hidden LockfilesIn order to avoid processing thenode_modulesfolder repeatedly, npm as of v7uses a "hidden" lockfile present innode_modules/.package-lock.json. Thiscontains information about the tree, and is used in lieu of reading theentirenode_moduleshierarchy provided that the following conditions are met:All package folders it references exist in thenode_moduleshierarchy.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 6 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Summer
Professor
Alireza Moghaddam
Tags
Java package, NPM

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture