Skip to content

Instantly share code, notes, and snippets.

@kymtwyf
Created November 30, 2017 03:21
Show Gist options
  • Save kymtwyf/fd8c1eb1f195836b5d25731316ce0cc1 to your computer and use it in GitHub Desktop.
Save kymtwyf/fd8c1eb1f195836b5d25731316ce0cc1 to your computer and use it in GitHub Desktop.
npm, package.json, package-lock.json, changes, windows

Background

I was trying to install a new package vue-lazy-render (low star number I know...) to our TaaS front end project.

However, after I run npm install vue-lazy-render and waiting for several seconds, the package-lock.json is **CHANGED in many places **

package-lock.json is changed !

I was wondering why this happens? AFAIK, the package-lock.json should lock my npm package version and should not change that frequently when I run npm install

Problem Solving

After I stackoverflowed it, the reason was well explained in one post

The reason why npm install changes my package-lock.json is due to the foolish spec which is the package-lock.json won't lock the package version.

When you specify the version in package.json using ^1.2.0 or ~1.2.0 without fixing the version and run npm install to install new packages, if newer version is founded, the package can be updated by npm. That's why my package-lock.json is updated everytime I run npm install

Solution

Just update your npm version to 5.4.2 or above

The new spec is more reasonable:

  1. If you have a package.json and you run npm i we generate a package-lock.json from it.
  2. If you run npm i against that package.json and package-lock.json, the latter will never be updated, even if the package.json would be happy with newer versions.
  3. If you manually edit your package.json to have different ranges and run npm i and those ranges aren't compatible with your package-lock.json then the latter will be updated with version that are compatible with your package.json. Further runs of npm i will be as with 2 above.

how to update npm in windows system?

Although there are several ways to help you update npm in windows system, I found a much simple way using npm-windows-upgrade

Just follow the steps:

  1. npm install --global --production npm-windows-upgrade
  2. npm-windows-upgrade --npm-version latest (you should run this command in Administrator mode)
  3. check the npm -v

Thanks to God

Now after I install my new package with npm install vue-lazy-render --save and take a look at my package-lock.json again

this package-lock.json looks better

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment