- npm 是什么?
- 如何安装 npm 并管理 npm 版本
- How to Prevent Permissions Errors
- 如何安装本地包
- Working with package.json
- 如何更新本地安装的包
- 如何卸载本地安装的包
- 如何安装全局包
- 如何更新全局安装的包
- 如何卸载全局安装的包
- 如何创建 Node.js 模块
- How to Publish & Update a Package
- 如何使用语义化版本
- How to Work with Scoped Packages
- How to Label Packages with Dist-tags
- How to Use Two-Factor Authentication
- How to Work with Security Tokens
- How to Change Profile Settings from the CLI
- Understanding Packages and Modules
- npm-access
- npm-adduser
- npm-audit
- npm-bin
- npm-bugs
- npm-build
- npm-bundle
- npm-cache
- npm-ci
- npm-completion
- npm-config
- npm-dedupe
- npm-deprecate
- npm-dist-tag
- npm-docs
- npm-doctor
- npm-edit
- npm-explore
- npm-help
- npm-help-search
- npm-hook
- npm-init
- npm-install
- npm install-ci-test -- Install a project with a clean slate and run tests
- npm install-test -- 安装依赖包并运行测试
- npm-link
- npm-logout
- npm-ls
- npm
- npm-org
- npm-outdated
- npm-owner
- npm-pack
- npm-ping
- npm-prefix
- npm-profile
- npm-prune
- npm-publish
- npm-rebuild
- npm-repo
- npm-restart
- npm-root
- npm-run-script
- npm-search
- npm-shrinkwrap
- npm-star
- npm-stars
- npm-start
- npm-stop
- npm-team
- npm-test
- npm-token
- npm-uninstall
- npm-unpublish
- npm-update
- npm-version
- npm-view
- npm-whoami
- npm-coding-style
- npm-config
- npm-developers
- npm-disputes
- npm-orgs
- npm-registry
- npm-removal
- npm-scope
- npm-scripts
- semver
- npm-folders
- npmrc
- package-lock.json
- npm-package-locks
- package.json
- npm-shrinkwrap.json
- 尝试 node 的最新稳定版本
- Try the latest stable version of npm
- 如果 npm 损坏了
- Try clearing the npm cache
- Common Errors
npm-package-locks
An explanation of npm lockfiles
Description
Conceptually, the "input" to Using locked packages
Using a locked package is no different than using any package without a package
lock: any commands that update node_modules and/or package.json's
dependencies will automatically sync the existing lockfile. This includes npm install, npm rm, npm update, etc. To prevent this update from happening,
you can use the --no-save option to prevent saving altogether, or
--no-shrinkwrap to allow package.json to be updated while leaving
package-lock.json or npm-shrinkwrap.json intact.
It is highly recommended you commit the generated package lock to source
control: this will allow anyone else on your team, your deployments, your
CI/continuous integration, and anyone else who runs npm install in your
package source to get the exact same dependency tree that you were developing
on. Additionally, the diffs from these changes are human-readable and will
inform you of any changes npm has made to your node_modules, so you can notice
if any transitive dependencies were updated, hoisted, etc.
Resolving lockfile conflicts
Occasionally, two separate npm install will create package locks that cause
merge conflicts in source control systems. As of npm@5.7.0, these conflicts
can be resolved by manually fixing any package.json conflicts, and then
running npm install [--package-lock-only] again. npm will automatically
resolve any conflicts for you and write a merged package lock that includes all
the dependencies from both branches in a reasonable tree. If
--package-lock-only is provided, it will do this without also modifying your
local node_modules/.
To make this process seamless on git, consider installing
, which will teach git how
to do this itself without any user interaction. In short: $ npx npm-merge-driver install -g will let you do this, and even works with
pre-npm@5.7.0 versions of npm 5, albeit a bit more noisily. Note that if
package.json itself conflicts, you will have to resolve that by hand and run
npm install manually, even with the merge driver.
See Also
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论