package-lock. json is automatically generated for any operations where npm modifies either the node_modules tree, or package. json . It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.
npm install is not deterministic, but it generates a package-lock. json.
If you're collaborating on a shared project with multiple developers, and you want to ensures that installations remain identical for all developers and environments, you need to use package-lock. json . package-lock. json is automatically generated for any operations where npm modifies either package.
In npm 6.x and 7.x you can use
npm i --package-lock-only
According to https://docs.npmjs.com/cli/install.html
The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.
By default, package-lock.json
is updated whenever you run npm install
. However, this can be disabled globally by setting package-lock=false
in ~/.npmrc
.
When the global package-lock=false
setting is active, you can still force a project’s package-lock.json
file to be updated by running:
npm install --package-lock
This command is the only surefire way of forcing a package-lock.json
update.
This is answered in the comments; package-lock.json
is a feature in npm
v5 and higher. npm shrinkwrap
is how you create a lockfile in all versions of npm
.
As several answer explained the you should run:
npm i
BUT if it does not solve...
Check the version of your npm
executable. (For me it was 3.x.x which doesn't uses the package-lock.json
(at all))
npm -v
It should be at least 5.x.x (which introduced the package-lock.json file.)
To update npm
on Linux, follow these instructions.
For more details about package files, please read this medium story.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With