The role of the package-lock.json file (reprint)

 

The role of the package-lock.json file

Source: https://www.cnblogs.com/kugeliu/p/9153775.html

Since npm 5, an installation also produces a package-lock.json file. Its role is:

1. It locks the version once a package is installed. Manually changing package.json will not update the installed package; to update you can only use npm install xxx@xxx --save, which is also what updates the version in package-lock.json.

2. It speeds up npm install: because package-lock.json already records the tree structure of the whole node_modules folder, and even the download addresses of the modules, a reinstall only needs to download the files directly.

Its significance is that it locks package versions, so that problems caused by differing package versions are avoided. Previously, a colleague who used yarn installed packages into the project, and the resulting version mismatch caused ESLint errors.

The role of package-lock.json

Source: https://www.cnblogs.com/cangqinglang/p/8336754.html

In fact it can be summed up very simply: it locks the version numbers of packages at install time, and it needs to be committed to git so that everyone else gets consistent dependencies when they run npm install.

 

Quoting Zhihu user @Zhou Nan's answer:

According to the official documentation, package-lock.json is a file generated during `npm install` that records the specific source and version number of each npm package actually installed.

What is it for? npm is a manager for dependencies between packages; it lets developers declare the library packages their project depends on in package.json. You can indicate the version of a library package you need in the following way.

Here is an example:

"dependencies": {
  "@types/node": "^8.0.33"
},

The caret (^) here declares a backward (new-version) compatible dependency: if a version of @types/node above 8.0.33 exists within the same major version (8), the latest such version of @types/node may be downloaded. For example, the version actually downloaded when running npm install might be 8.0.35. Tilde

In most cases it is no problem for such a dependency to pull the newest compatible version of a library. But npm is an open-source world: packages do not all follow semantic versioning in the same way, and some package developers do not strictly observe the principle that versions of a library sharing a major version number must keep their interfaces compatible. This gives users a real headache: for exactly the same Node.js code base, the dependency versions fetched at different times or from different npm download sources may differ, so the behaviour of the dependencies differs as well, and is sometimes outright incompatible.

So recent versions of npm began generating package-lock.json automatically. The aim is that when you move the source to a new machine or a new download source, downloading dependencies according to the specific versions recorded in package-lock.json guarantees that every library package is exactly the same as in your previous installation.
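The caret rule and the lock file's pinned version and download address can be checked mechanically. The following is an added example, not code from the original posts: `satisfiesCaret` and `auditLock` are hypothetical helpers, the inputs are constructed, only plain `^x.y.z` ranges are handled (no prereleases or other range syntax), and the lock file uses the npm 5 layout with the real `version`, `resolved` and `integrity` fields.

```javascript
// Constructed sample inputs; package names other than those on the page are made up.
const packageJson = {
  dependencies: { "@types/node": "^8.0.33", "jquery": "^2.1.4", "example-lib": "^0.0.3" }
};
const packageLock = {
  lockfileVersion: 1,
  dependencies: {
    "@types/node": { version: "8.0.35", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/@types/node/-/node-8.0.35.tgz" },
    "jquery": { version: "3.0.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://mirror.example/jquery/-/jquery-3.0.0.tgz" },
    "example-lib": { version: "0.0.4",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-0.0.4.tgz" }
  }
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
};

// Caret range: everything below the left-most non-zero component may change.
// ^8.0.33 -> >=8.0.33 <9.0.0, ^0.2.3 -> >=0.2.3 <0.3.0, ^0.0.3 -> >=0.0.3 <0.0.4
function satisfiesCaret(version, range) {
  const min = parse(range.replace(/^\^/, ""));
  const first = min.findIndex((n) => n !== 0);
  const pivot = first === -1 ? 2 : first;
  const max = min.map((n, k) => (k < pivot ? n : k === pivot ? n + 1 : 0));
  const v = parse(version);
  return cmp(v, min) >= 0 && cmp(v, max) < 0;
}

// Report lock entries that drifted from package.json, come from an
// unexpected download source, or carry no integrity hash.
function auditLock(pkg, lock, allowedHost = "registry.npmjs.org") {
  const findings = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const entry = (lock.dependencies || {})[name];
    if (!entry) { findings.push(`${name}: missing from lock file`); continue; }
    if (!satisfiesCaret(entry.version, range))
      findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    if (!entry.resolved || new URL(entry.resolved).host !== allowedHost)
      findings.push(`${name}: resolved from unexpected source`);
    if (!entry.integrity) findings.push(`${name}: no integrity hash`);
  }
  return findings;
}

console.log(auditLock(packageJson, packageLock).join("\n"));
```

Running a check like this in review or CI makes a lock file change that moves a dependency outside its declared range, or to a different download source, visible before `npm install` acts on it.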

 

Originally, package.json could only lock the major version, that is, the first number of the version; it could not lock the minor versions behind it, so every npm install pulled the latest version within that major version. For the sake of stability we hardly dared to upgrade dependencies, since that would lead to a lot of extra work (testing, adaptation, and so on). So the package-lock.json file appeared: each time you install a dependency, it locks the version you installed.

What if a package we installed has a bug and needs to be updated later?

 

Previously you could change the version directly in package.json and then run npm install, but from version 5 onward this is not supported, because the version is already locked in package-lock.json. So we can only update the dependency with npm install xxx@xxx, which also updates package-lock.json.

 

If I have jquery 2.1.4 installed and then pull an updated package.json and package-lock.json from git, will npm install overwrite the dependency in node_modules?

 

In fact, I had this question too, so I tested it: after directly updating the two files package.json and package-lock.json, npm install does overwrite the original version. So in collaborative development, if these two files are updated, you should run npm install in your development environment as well.

 


Origin www.cnblogs.com/hao-1234-1234/p/11493368.html