From the npm 5 doc:
The --no-package-lock argument will prevent npm from creating a package-lock.json file.
Does an npm install with --no-package-lock follow the package-lock.json (if it already exists) deterministic install / nested locked versions? Or does it completely ignore it?
The package-lock.json file stores the version information of each installed package unchanged, and npm will use those package versions when running the npm install command.
npm install is not deterministic, but it generates a package-lock.json. package-lock.json makes node_modules deterministic, by using the npm ci command.
It is highly recommended you commit the generated package lock to source control: this will allow anyone else on your team, your deployments, your CI/continuous integration, and anyone else who runs npm install in your package source to get the exact same dependency tree that you were developing on.
json that result in two different installs. You may have noticed it before; you install a package using npm and suddenly a new file called package-lock.json appears in your project directory. Don't delete that package-lock file, run npm install and regenerate it!
Answer from the @npm_support:
Using --no-package-lock skips the package-lock. It is neither read nor written as if the package-lock feature did not exist.
So the package-lock.json file isn't used at all when the --no-package-lock is on.
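Because the lock file is neither read nor written under this flag, a build that uses it resolves dependencies without the pinned tree. The following check for that condition is an added example, not part of the original question or answer. It assumes the `.npmrc` setting `package-lock=false` (the config-file form of the same option); the function name `findLockfileBypass` and the sample project are constructed for illustration.

```javascript
// Flags ways a project can end up installing without package-lock.json.
// `files` maps a relative path to its text content (constructed in memory
// so the check runs offline; a real run would read these from disk).
function findLockfileBypass(files) {
  const findings = [];

  // 1. No lock file committed: nothing pins the dependency tree.
  if (!('package-lock.json' in files)) {
    findings.push('package-lock.json is missing');
  }

  // 2. .npmrc can switch the feature off for every npm command.
  //    Comment lines (starting with # or ;) do not match the pattern.
  const npmrc = files['.npmrc'] || '';
  npmrc.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*package-lock\s*=\s*(\S+)/i);
    if (m && m[1].toLowerCase() === 'false') {
      findings.push(`.npmrc:${i + 1} sets package-lock=false`);
    }
  });

  // 3. npm scripts that pass the flag on the command line.
  let scripts = {};
  try {
    scripts = JSON.parse(files['package.json'] || '{}').scripts || {};
  } catch (err) {
    findings.push('package.json is not valid JSON');
  }
  for (const [name, cmd] of Object.entries(scripts)) {
    if (/--no-package-lock\b|--package-lock=false\b/.test(cmd)) {
      findings.push(`script "${name}" disables the package lock`);
    }
  }
  return findings;
}

// Constructed sample project (not from the original page).
const sampleProject = {
  'package.json': JSON.stringify({
    scripts: { setup: 'npm install --no-package-lock', test: 'node test.js' },
  }),
  '.npmrc': '# registry settings\npackage-lock = false\n',
  'package-lock.json': '{"lockfileVersion": 1}',
};

console.log(findLockfileBypass(sampleProject));
```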