Package-lock.json - requires vs dependencies

為{幸葍}努か 提交于 2020-12-30 04:55:49

问题


In package-lock.json in dependency object, I have both requires and dependencies fields, e.g

  "requires": {
    "@angular-devkit/core": "0.8.5",
    "rxjs": "6.2.2",
    "tree-kill": "1.2.0",
    "webpack-sources": "1.3.0"
  },
  "dependencies": {
    "rxjs": {
      "version": "6.2.2",
      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.2.2.tgz",
      "integrity": "sha512-0MI8+mkKAXZUF9vMrEoPnaoHkfzBPP4IGwUYRJhIRJF6/w3uByO1e91bEHn8zd43RdkTMKiooYKmwz7RH6zfOQ==",
      "dev": true,
      "requires": {
        "tslib": "1.9.3"
      }
    }
  }

What is the difference between these two? Why some dependencies are listed in requires, other in dependencies, and some of them in both of these fields?


回答1:


By default, npm installs all packages directly in node_modules.

However, let's say that package X is dependent on package Z in version 1.0 and package Y is dependent on the same package Z, but in version 2.0. In this case we have to install two versions of this package. One will be installed in root node_modules folder, and another one will be installed in node_modules folder of dependant package, e.g.

package.json
node_modules
    /X
    /Y
        /node_modules
            /Z@2.0
    /Z@1.0

Equally likely, npm could build a different, but still correct, package tree:

package.json
node_modules
    /X
        /node_modules
            /Z@1.0
    /Y
    /Z@2.0

The package-lock.json file will attempt to describe not only the dependencies of your project, but this tree structure as well. Which of the two trees above to build will be encoded in the JSON.

With this knowledge, it's easy to understand:

"requires" reflects dependencies from package.json file of this dependency, while dependencies reflects actually installed dependencies in node_modules folder of this dependency.




回答2:


After reading the answers above. Maybe I can put it in a more simple way

requires can be shared by among all other top levels dependencies while dependencies are standalone, belonging only to the module require it

i.e.

"@angular-devkit/core": "0.8.5","tree-kill": "1.2.0", "webpack-sources": "1.3.0" do not belong only to the module, they are in the same level as the module require them. By contrast, "rxjs": "6.2.2" exist exclusively due to the module require it. And it is used only by the module



来源:https://stackoverflow.com/questions/52926922/package-lock-json-requires-vs-dependencies

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!