The difference between package.json and package-lock.json in npm

For the practical use of package.json in npm, see the article on basic npm usage. Here I mainly explain what package-lock.json is for and how it differs from package.json.

The package-lock.json file did not exist before npm 5; to save dependency information, the --save parameter had to be added on every install. The package-lock.json file was added in npm 5 and later versions. When installing a package there is no longer any need to add the --save parameter: npm saves the dependency information automatically and generates or updates the package-lock.json file.

So what is package-lock.json for?

When we need to download a certain package, for example with npm install art-template, npm in fact downloads not only the art-template package but also the packages art-template depends on, and the packages those dependencies depend on in turn. Check art-template's package.json file to see the dependencies of art-template:

[Image: art-template]

So when we delete node_modules and want to restore the packages the project uses by running npm install against package.json, the whole workflow is: query the package.json file and download the packages it lists, then read each downloaded package's own package.json file to find the dependent packages that need to be downloaded, and download those according to their addresses. When there are many dependent packages, this lookup process significantly reduces the download speed. This is where package-lock.json comes in handy. The file saves information about all the packages in node_modules (both the packages downloaded directly and their dependent packages): the version and the download address (this information is written into the package-lock.json file when the package is installed for the first time). With it, npm install downloads each package directly from the recorded download address, instead of downloading a package and then querying that package's package.json file before downloading the next one. As a result, the download speed is greatly improved.

Let's look at another situation. In actual project development, the latest version of a package is sometimes not suitable for the current project. So if a project depends on version 1.1.1, running npm install again will actually download the latest version rather than 1.1.1, which is not the result we want: our main purpose is to lock version 1.1.1. This is where package-lock.json starts to work. It locks the version number to prevent automatic upgrade to a new version. That is, if the version number recorded in the package-lock.json file is lower than the latest version number, npm install will not upgrade it, so the "lock" in the file name is well deserved.

To sum up:

package.json records which packages you have downloaded in the current project (that is, the packages installed with npm install xx) and the information about those packages (address, version number, etc.). It does not include information about their dependent packages.

package-lock.json records which packages you have downloaded in the current project together with the information about all the packages they depend on, including the address, version number, etc. Its main functions are as follows:

  • When the node_modules directory has been deleted and you restore all packages with npm install, it increases the download speed.
  • It locks the version number to prevent automatic upgrade to a new version.
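
The distinction summarized above, as an added example (not code from the original post): the script lists every package recorded in a constructed package-lock.json with its exact version, marks which ones also appear in package.json, and flags lock entries whose download address is outside the expected registry or that carry no integrity hash. It assumes the packages layout of lockfileVersion 2/3; demo-app, example-dep, the URLs and the hash string are constructed placeholders, and auditLock is a hypothetical helper name.

```javascript
// Constructed sample data: names other than art-template, the URLs and the
// integrity string are placeholders, not real registry values.
const packageJson = {
  name: "demo-app",
  dependencies: { "art-template": "^1.1.1" }, // direct dependency only
};
const packageLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "art-template": "^1.1.1" } },
    "node_modules/art-template": {
      version: "1.1.1",
      resolved: "https://registry.npmjs.org/art-template/-/art-template-1.1.1.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
      dependencies: { "example-dep": "^1.0.0" },
    },
    "node_modules/example-dep": { // transitive: absent from package.json
      version: "1.0.0",
      resolved: "http://mirror.example.test/example-dep-1.0.0.tgz",
    },
  },
};

// Hypothetical helper: one row per locked package, with any findings.
function auditLock(pkg, lock, registry = "https://registry.npmjs.org/") {
  const direct = new Set(Object.keys(pkg.dependencies || {}));
  const marker = "node_modules/";
  const rows = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip root project and workspace links
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const issues = [];
    if (!entry.resolved || !entry.resolved.startsWith(registry)) {
      issues.push("resolved outside expected registry");
    }
    if (!entry.integrity) issues.push("missing integrity hash");
    rows.push({
      name,
      version: entry.version,
      direct: path === marker + name && direct.has(name),
      issues,
    });
  }
  return rows;
}

console.log(JSON.stringify(auditLock(packageJson, packageLock), null, 2));
```

Run against a real project, the same loop shows every transitive package the lock file pins that package.json never mentions.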


Origin blog.csdn.net/chen__cheng/article/details/114833847