I'm in the process of switching from npm to pnpm, which has a different set of features that I prefer.
The former uses package-lock.json to lock exact package versions, the latter pnpm-lock.yaml.
According to the docs, pnpm ignores package-lock.json, which seems to become redundant. And, as a consequence, when updating packages with pnpm, this file will not be processed at all and will soon become outdated.
Can I safely delete package-lock.json or will I incur problems of some sort? Could there be any drawbacks in deleting this file from my project?
I'm using npm only to get the tools and packages needed for my projects (i.e. Gulp), not to publish packages to https://www.npmjs.com/
json that result in two different installs. You may have noticed it before; you install a package using npm and suddenly a new file called package-lock.json appears in your project directory. Don't delete that package-lock file, run npm install and regenerate it!
json intact. It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.
The goal of package-lock.json file is to keep track of the exact version of every package that is installed so that a product is 100% reproducible in the same way even if packages are updated by their maintainers. This solves a very specific problem that package.
If you use pnpm, you can remove package-lock.json (and yarn.lock if you are switching from Yarn). If you need to preserve some dependencies from your old lockfile, you can run pnpm import and pnpm will generate a lockfile using info from package-lock.json.
pnpm will create a lockfile of its own. pnpm's lockfile is called pnpm-lock.yaml. You should commit this file to the repository.
If you have a CI server, you'll have to use pnpm on the CI server as well, for installing dependencies. Here are some instructions on how to do that.
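A CI guard for the state the answer above describes, as an added example that is not part of the original answer or of pnpm itself: it fails the build when pnpm-lock.yaml is missing, or when a lockfile that pnpm ignores is still in the project and will drift out of date. The function name `check_lockfiles` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lockfile guard for a project migrated from npm/Yarn to pnpm.
# check_lockfiles is a hypothetical helper, not a pnpm command.
#
# Return codes (chosen for this example):
#   0  pnpm-lock.yaml is present and no ignored lockfile remains
#   1  pnpm-lock.yaml is missing, so installs are not pinned
#   2  package-lock.json and/or yarn.lock is still present; pnpm ignores
#      them, so they no longer describe what actually gets installed

check_lockfiles() {
    dir="${1:-.}"

    if [ ! -f "$dir/pnpm-lock.yaml" ]; then
        echo "error: $dir/pnpm-lock.yaml not found;" \
             "run 'pnpm import' or 'pnpm install' and commit the result" >&2
        return 1
    fi

    stale=""
    for f in package-lock.json yarn.lock; do
        if [ -f "$dir/$f" ]; then
            stale="$stale $f"
        fi
    done

    if [ -n "$stale" ]; then
        echo "error: lockfile(s) ignored by pnpm still present in $dir:$stale" >&2
        echo "       remove them once pnpm-lock.yaml is committed" >&2
        return 2
    fi

    return 0
}

# Typical CI use, before installing dependencies:
#   check_lockfiles . && pnpm install --frozen-lockfile
```

Run it as the first step of the pipeline so that a pull request that reintroduces package-lock.json, or drops pnpm-lock.yaml, is rejected before any dependency is installed.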