npm - How to actually use package-lock.json for installing based on locked versions?

后端 未结 2 1914
灰色年华
灰色年华 2021-02-06 22:25

Just updated from npm 3 to 5, to use this feature.

Sorry, I must be missing something totally obvious, but how do make npm respect the pinned versions in packa

相关标签:
2条回答
  • 2021-02-06 22:48

    You need to use the npm ci command to install from package-lock.json.

    See: https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable

    0 讨论(0)
  • 2021-02-06 23:06

    Update: As Dave pointed out, the command for this situation is now npm ci. It will install from package-lock.json and will not update it. See the documentation for more information.


    According to this comment by a member of the npm CLI team, what you are describing is a "high priority bug".

    1. If you have a package.json and you run npm i we generate a package-lock.json from it.

    2. If you run npm i against that package.json and package-lock.json, the latter will never be updated, even if the package.json would be happy with newer versions.

    3. If you manually edit your package.json to have different ranges and run npm i and those ranges aren't compatible with your package-lock.json then the latter will be updated with version that are compatible with your package.json. Further runs of npm i will be as with 2 above.

    If you do run into a case where npm@^5.4.2 mutates a package-lock.json that was otherwise compatible with the paired package.json please open a new issue. This sort of thing would constitute a high priority bug.

    0 讨论(0)
提交回复
热议问题