
package-lock.json file, package with "optional": true

Tags: node.js, npm

One of my work mate's PRs contains a package-lock.json update, which added "optional": true:

 "minimist": {    "version": "0.0.8",    "bundled": true, -  "dev": true +  "dev": true, +  "optional": true  },  "minipass": { 
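Review bot: the PR description should state which npm version regenerated this lockfile. In the minimist entry the version stays at 0.0.8 and bundled stays true; the only change is "optional": true added after "dev": true, which suggests a rewrite by tooling rather than a dependency change. Recording the npm version, and confirming that no version field changes elsewhere in the file, keeps the lockfile from flipping back and forth between contributors.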

I am not sure what this means even after googling around. Could someone please explain?

asked Jan 28 '19 22:01

Bill



2 Answers

From https://docs.npmjs.com/files/package-lock.json#optional:

If true then this dependency is either an optional dependency ONLY of the top level module or a transitive dependency of one. This is false for dependencies that are both an optional dependency of the top level and a transitive dependency of a non-optional dependency of the top level.

It's safe to merge this change.

The reason you see this change is most likely because npm slightly changed how package-lock.json is structured in version 6.6. Your mate basically ran npm install with npm 6.6+ on a package-lock.json previously generated with npm 6.5-.

You should be able to avoid this kind of issue by making sure everyone on your team uses a recent version of npm.

answered Sep 22 '22 04:09

Francesc Rosas


After a package is removed from dependencies, its dependencies are marked "optional": true in package-lock.json.

It is usually safe to remove such packages either by hand or by

$ rm -rf package-lock.json node_modules/
$ npm install

However, this is not 100% safe, as some packages will be updated to newer versions.

answered Sep 19 '22 04:09

yanychar
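
A lockfile diff like the one in the question can be triaged mechanically. The sketch below is an added example, not code from the question, the answers or npm: it separates entries where only the dev/optional/bundled flags changed (the first answer's case) from entries whose version, resolved URL or integrity hash changed (the case the second answer warns about after regenerating the lockfile). It assumes the older lockfile layout with nested "dependencies"; the function names, the parent-pkg entry and the placeholder versions are constructed for illustration.

```javascript
// Fields whose change alters what code actually gets installed.
const CONTENT_FIELDS = ['version', 'resolved', 'integrity'];
// Bookkeeping flags npm writes into each lockfile entry.
const FLAG_FIELDS = ['dev', 'optional', 'bundled'];

// Flatten nested "dependencies" into a Map keyed by install path.
function flatten(deps = {}, prefix = '', out = new Map()) {
  for (const [name, entry] of Object.entries(deps)) {
    const path = prefix ? `${prefix} > ${name}` : name;
    out.set(path, entry);
    flatten(entry.dependencies, path, out);
  }
  return out;
}

// Compare two parsed lockfiles and report which entries changed, and how.
function classifyLockChanges(before, after) {
  const a = flatten(before.dependencies);
  const b = flatten(after.dependencies);
  const result = { flagOnly: [], content: [], added: [], removed: [] };
  for (const [path, oldEntry] of a) {
    if (!b.has(path)) { result.removed.push(path); continue; }
    const newEntry = b.get(path);
    const differs = (field) => oldEntry[field] !== newEntry[field];
    if (CONTENT_FIELDS.some(differs)) result.content.push(path);
    else if (FLAG_FIELDS.some(differs)) result.flagOnly.push(path);
  }
  for (const path of b.keys()) if (!a.has(path)) result.added.push(path);
  return result;
}

// Constructed sample input modelled on the diff in the question.
// "parent-pkg" and the minipass versions are placeholders, not real data.
const before = { dependencies: { 'parent-pkg': { version: '0.0.0-example', dev: true,
  dependencies: {
    minimist: { version: '0.0.8', bundled: true, dev: true },
    minipass: { version: '0.0.0-example', bundled: true, dev: true } } } } };
const after = { dependencies: { 'parent-pkg': { version: '0.0.0-example', dev: true,
  dependencies: {
    minimist: { version: '0.0.8', bundled: true, dev: true, optional: true },
    minipass: { version: '0.0.1-example', bundled: true, dev: true } } } } };

console.log(classifyLockChanges(before, after));
```

For a real review, pass in the two versions of package-lock.json parsed with JSON.parse; anything listed under content, added or removed deserves a closer look than a flag-only change.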