- npm 是什么?
- 如何安装 npm 并管理 npm 版本
- How to Prevent Permissions Errors
- 如何安装本地包
- Working with package.json
- 如何更新本地安装的包
- 如何卸载本地安装的包
- 如何安装全局包
- 如何更新全局安装的包
- 如何卸载全局安装的包
- 如何创建 Node.js 模块
- How to Publish & Update a Package
- 如何使用语义化版本
- How to Work with Scoped Packages
- How to Label Packages with Dist-tags
- How to Use Two-Factor Authentication
- How to Work with Security Tokens
- How to Change Profile Settings from the CLI
- Understanding Packages and Modules
- npm-access
- npm-adduser
- npm-audit
- npm-bin
- npm-bugs
- npm-build
- npm-bundle
- npm-cache
- npm-ci
- npm-completion
- npm-config
- npm-dedupe
- npm-deprecate
- npm-dist-tag
- npm-docs
- npm-doctor
- npm-edit
- npm-explore
- npm-help
- npm-help-search
- npm-hook
- npm-init
- npm-install
- npm install-ci-test -- Install a project with a clean slate and run tests
- npm install-test -- 安装依赖包并运行测试
- npm-link
- npm-logout
- npm-ls
- npm
- npm-org
- npm-outdated
- npm-owner
- npm-pack
- npm-ping
- npm-prefix
- npm-profile
- npm-prune
- npm-publish
- npm-rebuild
- npm-repo
- npm-restart
- npm-root
- npm-run-script
- npm-search
- npm-shrinkwrap
- npm-star
- npm-stars
- npm-start
- npm-stop
- npm-team
- npm-test
- npm-token
- npm-uninstall
- npm-unpublish
- npm-update
- npm-version
- npm-view
- npm-whoami
- npm-coding-style
- npm-config
- npm-developers
- npm-disputes
- npm-orgs
- npm-registry
- npm-removal
- npm-scope
- npm-scripts
- semver
- npm-folders
- npmrc
- package-lock.json
- npm-package-locks
- package.json
- npm-shrinkwrap.json
- 尝试 node 的最新稳定版本
- Try the latest stable version of npm
- 如果 npm 损坏了
- Try clearing the npm cache
- Common Errors
package-lock.json
A manifestation of the manifest
Description
package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.
This file is intended to be committed into source repositories, and serves various purposes:
Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
Provide a facility for users to "time-travel" to previous states of
node_moduleswithout having to commit the directory itself.To facilitate greater visibility of tree changes through readable source control diffs.
And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.
One key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the toplevel package. It shares a format with FILE FORMAT
name
The name of the package this is a package-lock for. This must match what's in package.json.
version
The version of the package this is a package-lock for. This must match what's in package.json.
lockfileVersion
An integer version, starting at 1 with the version number of this document whose semantics were used when generating this package-lock.json.
packageIntegrity
This is a .
preserveSymlinks
Indicates that the install was done with the environment variable NODE_PRESERVE_SYMLINKS enabled. The installer should insist that the value of this property match that environment variable.
dependencies
A mapping of package name to dependency object. Dependency objects have the following properties:
version
This is a specifier that uniquely identifies this package and should be usable in fetching a new copy of it.
- bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.
- registry sources: This is a version number. (eg,
1.2.3) - git sources: This is a git specifier with resolved committish. (eg,
git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e) - http tarball sources: This is the URL of the tarball. (eg,
https://example.com/example-1.3.0.tgz) - local tarball sources: This is the file URL of the tarball. (eg
file:///opt/storage/example-1.3.0.tgz) - local link sources: This is the file URL of the link. (eg
file:libs/our-module)
integrity
This is a resolved
- For bundled dependencies this is not included, regardless of source.
- For registry sources this is path of the tarball relative to the registry URL. If the tarball URL isn't on the same server as the registry URL then this is a complete URL.
bundled
If true, this is the bundled dependency and will be installed by the parent module. When installing, this module will be extracted from the parent module during the extract phase, not installed as a separate dependency.
dev
If true then this dependency is either a development dependency ONLY of the top level module or a transitive dependency of one. This is false for dependencies that are both a development dependency of the top level and a transitive dependency of a non-development dependency of the top level.
optional
If true then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is false for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level.
All optional dependencies should be included even if they're uninstallable on the current platform.
requires
This is a mapping of module name to version. This is a list of everything this module requires, regardless of where it will be installed. The version should match via normal matching rules a dependency either in our dependencies or in a level higher than us.
dependencies
The dependencies of this dependency, exactly as at the top level.
See Also
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论