For the actual use of package.json in npm, refer to the article on basic npm usage. Here I mainly explain what package-lock.json is for and how it differs from package.json.
package-lock.json
This file did not exist before npm 5. Back then, dependency information had to be saved explicitly, so the --save parameter had to be added on every install. The package-lock.json file was added in npm 5 and later versions. When installing a package there is no longer any need to add the --save parameter: npm saves the dependency information automatically and generates or updates the package-lock.json file.
So what is package-lock.json for?
When we download a package, for example with npm install art-template, npm in fact downloads not only the art-template package but also the packages that art-template depends on, and the packages those dependencies depend on in turn. Check art-template's package.json file to see the dependencies of art-template.
So when we delete node_modules and want to use npm install to restore the packages used in the project from package.json, the whole workflow is: query the package.json file and download the packages it lists, then read the package.json file of each downloaded package to find the dependent packages that need to be downloaded, and download those according to their addresses. When there are many dependent packages, this search process significantly reduces the download speed. This is where package-lock.json comes in handy. The file saves information about all the packages in node_modules (both the packages downloaded directly and their dependent packages): version and download address. This information is written into the package-lock.json file when the package is installed for the first time. That way, on npm install, the files are downloaded directly from the recorded download addresses, instead of downloading each package and then querying that package's package.json file before downloading further. As a result, the download speed is greatly improved.
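As an added example (not part of the original article), the version and download address recorded for every package can be listed and checked before npm install trusts them. It goes slightly beyond the text by reading both lockfile layouts and by checking the lockfile's integrity field; the package dep-a, the host mirror.example and all sample values are constructed assumptions.

```javascript
// Constructed sample (lockfile v2/v3 layout); dep-a and mirror.example are hypothetical.
// For a real project pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", dependencies: { "art-template": "1.1.1" } },
    "node_modules/art-template": {
      version: "1.1.1",
      resolved: "https://registry.npmjs.org/art-template/-/art-template-1.1.1.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/dep-a": { version: "2.0.0", resolved: "http://mirror.example/dep-a-2.0.0.tgz" },
  },
};

// Flatten either lockfile layout into [{ name, version, resolved, integrity, ... }].
function lockedPackages(lock) {
  const out = [];
  if (lock.packages) {                      // lockfileVersion 2 and 3: flat "packages" map
    for (const [path, e] of Object.entries(lock.packages)) {
      if (path === "" || e.link) continue;  // skip the root project and symlinked entries
      out.push({ name: path.split("node_modules/").pop(), ...e });
    }
  } else {                                  // lockfileVersion 1: nested "dependencies"
    const walk = (deps) => {
      for (const [name, e] of Object.entries(deps || {})) {
        out.push({ name, ...e });
        walk(e.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return out;
}

// Report entries whose recorded download address or hash needs review.
function auditLock(lock, registryHost = "registry.npmjs.org") {
  const findings = [];
  for (const p of lockedPackages(lock)) {
    const id = `${p.name}@${p.version}`;
    if (!p.integrity) findings.push(`${id}: no integrity hash`);
    if (!p.resolved) { findings.push(`${id}: no resolved address`); continue; }
    const url = new URL(p.resolved);
    if (url.protocol !== "https:") findings.push(`${id}: not https (${p.resolved})`);
    if (url.host !== registryHost) findings.push(`${id}: host ${url.host}`);
  }
  return findings;
}
console.log(auditLock(SAMPLE_LOCK));
```

Bundled or workspace entries carry no download address and will be reported for manual review.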
Let's look at another situation. In actual project development, the latest version of a package may not be suitable for the current project. If a project depends on version 1.1.1, then when you run npm install again, the latest version will actually be downloaded, not 1.1.1. That is not the result we want; our main purpose is to lock version 1.1.1. This is where the package-lock.json file starts to work: it can lock the version number to prevent automatic upgrade to a new version. That is to say, if the version number recorded in the package-lock.json file is lower than the latest version number, npm install will not upgrade it, so the "lock" in the file name is worthy of the name.
To sum up:
package.json
It records which packages you have downloaded in the current project (that is, the packages installed with npm install xx) and the information of those packages (address, version number, etc.). It does not include dependent package information.
package-lock.json
The file records which packages you have downloaded in the current project and the information of the various dependent packages of those packages, including the address, version number, etc. The main functions are as follows:
- When the node_modules directory has been deleted and you want to restore all packages with npm install, it increases the download speed.
- It locks the version number to prevent automatic upgrade to a new version.