How do I npm update dependency versions in the package-lock.json?

本小妞迷上赌 submitted on 2020-01-02 12:16:07

Question


As in the title, but:

  • If it is possible, I don't want to hand-rewrite the version string manually in the package-lock.json,
  • I tried the following: How do I update each dependency in package.json to the latest version? but of course as expected, it only updated the package.json file,
  • I looked at the docs: package-lock.json docs and package-locks explanation docs,
  • as written in this question, the npm install behaviour was changed in npm v5.1.0, which if I'm correct, means that if I have npm version higher than 5.1.0, my app will (by default) always npm install from the package.json, instead of the package-lock.json. However, I still have a dependency listed in my package-lock.json which has a vulnerability, and my GitHub is screaming warning for it.

How to best solve this? If I'm installing from package.json anyway, is it a good practice to just delete the package-lock.json? Should I rather keep it updated? What to do if I want to use the lock instead?

I have never done anything like this before, so I'm not even sure that if I just rewrote a version string in the json it would work or break the npm install.

Is there a safe/professional way to change to package-lock.json, and keep it updated via npm?


Answer 1:


If you want to update the version in package-lock.json, you can do it by updating the package using

npm update <package_name>
  • '^' >> "Approximately equivalent to version"
  • '~' >> "Compatible with version"

Read more about '^' and '~' in your package.json >> Reference

As the package-lock specifies a version, location and integrity hash for every module and each of its dependencies, the install it creates will be the same, every single time, for each user in a shared project.

Everything You Wanted To Know About package-lock.json

Hope this will help you clear your thoughts.



Source: https://stackoverflow.com/questions/51083789/how-do-i-npm-update-dependency-versions-in-the-package-lock-json
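
Added example (not part of the original question or answer): after running `npm update <package_name>`, this Node.js script checks a parsed package-lock.json for any locked copy of a package, including nested copies, that is still below a fixed version. The package names, versions, integrity strings and the helper names `findLocked`, `lessThan` and `stillVulnerable` are constructed for illustration.

```javascript
// Added example, not from the original post. Package names, versions and
// integrity strings below are constructed sample data.
const MARKER = "node_modules/";

// Return every locked copy of `name`, for lockfileVersion 1 (nested
// "dependencies") and 2/3 (flat "packages" keyed by install path).
function findLocked(lock, name) {
  const hits = [];
  const add = (path, e) =>
    hits.push({ path, version: e.version, hasIntegrity: typeof e.integrity === "string" });
  if (lock.packages) {
    for (const [path, e] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(MARKER);
      if (i === -1 || e.link) continue; // root project, workspaces, symlinks
      if (path.slice(i + MARKER.length) === name) add(path, e);
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, e] of Object.entries(deps || {})) {
      const path = prefix + MARKER + dep;
      if (dep === name) add(path, e);
      walk(e.dependencies, path + "/"); // copies nested under this package
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Compare plain x.y.z versions (assumption: no pre-release or build tags).
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Locked copies that are still older than the first fixed version.
function stillVulnerable(lock, name, fixedIn) {
  return findLocked(lock, name).filter((h) => lessThan(h.version, fixedIn));
}

const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/example-lib": { version: "1.2.0", integrity: "sha512-CONSTRUCTED" },
  "node_modules/other-pkg": { version: "2.0.0", integrity: "sha512-CONSTRUCTED" },
  "node_modules/other-pkg/node_modules/example-lib": { version: "1.0.3" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "example-lib": { version: "1.2.0", integrity: "sha512-CONSTRUCTED" },
  "other-pkg": { version: "2.0.0", dependencies: { "example-lib": { version: "1.0.3" } } },
} };
console.log(stillVulnerable(sampleV3, "example-lib", "1.2.0"));
```

To run it on a real project, pass the result of `JSON.parse` on the contents of package-lock.json as `lock`.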
