I have been trying to load the skeleton of express with npm install express. It outputs the following line:
npm notice created a lockfil
Yes, you should, as it locks the version of each and every package which you are using in your app, and when you run npm install it installs the exact same version in your node_modules folder. This is important because, let's say you are using bootstrap 3 in your application: if there is no package-lock.json file in your project, then npm install will install bootstrap 4, which is the latest, and your whole app UI will break due to version mismatch.
You can update the existing package-lock.json file instead of creating a new one. Just change the version number to a different one.
{ "name": "theme", "version": "1.0.1", "description": "theme description" }
If this is output from a Dockerfile then you don't want / need to commit it.
However you will want to tag the base image and any other contributing images / applications.
E.g.
FROM node:12.18.1
Yes, it is wise to use a version control system for your project. Anyway, focusing on your installation warning issue, you can try to launch the npm install command from your root project folder instead of outside of it, so the installation steps will only update the existing package-lock.json file instead of creating a new one. Hope this helps.
It should also be noted that one key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the top level package. It shares a format with npm-shrinkwrap.json(5), which is essentially the same file, but allows publication. This is not recommended unless deploying a CLI tool or otherwise using the publication process for producing production packages.
If both package-lock.json and npm-shrinkwrap.json are present in the root of a package, package-lock.json will be completely ignored.
Yes. You should add this file to your version control system, i.e. you should commit it.
This file is intended to be committed into source repositories
You can read more about what it is/what it does here:
package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.
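
An added example (not part of any answer above and not npm's own code): a small Node.js check that compares the ranges declared in package.json with the exact versions pinned in package-lock.json, which is the drift a committed lockfile is meant to expose. The manifest and lock below are constructed sample data, the helper names satisfies and checkLock are hypothetical, and only exact, ^ and ~ ranges are handled.

```javascript
// Constructed sample data: a package.json and a package-lock.json
// (lockfileVersion 2/3 layout, where "packages" maps install paths to entries).
const manifest = {
  name: "theme", version: "1.0.1",
  dependencies: { bootstrap: "^3.4.1", express: "^4.17.1", lodash: "~4.17.20" },
};
const lock = {
  name: "theme", version: "1.0.1", lockfileVersion: 2,
  packages: {
    "": { name: "theme", version: "1.0.1" },
    "node_modules/bootstrap": { version: "4.6.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/express": { version: "4.17.1", integrity: "sha512-CONSTRUCTED" },
  },
};

const parseVer = (v) => v.split(".").map(Number);
const cmpVer = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Hypothetical helper: true/false for exact, ^ and ~ ranges; null if unsupported.
function satisfies(version, range) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range);
  if (!m || !/^\d+\.\d+\.\d+$/.test(version)) return null;
  const v = parseVer(version), lo = parseVer(m[2]);
  if (m[1] === "") return cmpVer(v, lo) === 0;
  let hi; // exclusive upper bound of the range
  if (m[1] === "~" || (lo[0] === 0 && lo[1] > 0)) hi = [lo[0], lo[1] + 1, 0];
  else if (lo[0] > 0) hi = [lo[0] + 1, 0, 0];
  else hi = [0, 0, lo[2] + 1];
  return cmpVer(v, lo) >= 0 && cmpVer(v, hi) < 0;
}

// Hypothetical helper: report declared dependencies the lock does not pin
// consistently with package.json.
function checkLock(manifest, lock) {
  const findings = [];
  for (const [name, range] of Object.entries(manifest.dependencies || {})) {
    const entry = (lock.packages || {})["node_modules/" + name];
    if (!entry) { findings.push(`${name}: declared but not locked`); continue; }
    const ok = satisfies(entry.version, range);
    if (ok === false) findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    if (ok === null) findings.push(`${name}: ${entry.version} vs ${range} not checked`);
    if (!entry.integrity) findings.push(`${name}: no integrity hash in lock`);
  }
  return findings;
}

console.log(checkLock(manifest, lock));
```

npm ci makes the same comparison itself and exits with an error when package.json and package-lock.json disagree.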