Package-lock.json - requires vs dependencies

In package-lock.json, in a dependency object, I have both requires and dependencies fields, e.g.:

  "requires": {
    "@angular-devkit/core": "0.8.5",
    "rxjs": "6.2.2",
    "tree-kill": "1.2.0",
    "webpack-sources": "1.3.0"
  },
  "dependencies": {
    "rxjs": {
      "version": "6.2.2",
      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.2.2.tgz",
      "integrity": "sha512-0MI8+mkKAXZUF9vMrEoPnaoHkfzBPP4IGwUYRJhIRJF6/w3uByO1e91bEHn8zd43RdkTMKiooYKmwz7RH6zfOQ==",
      "dev": true,
      "requires": {
        "tslib": "1.9.3"
      }
    }
  }

What is the difference between these two? Why are some dependencies listed in requires, others in dependencies, and some of them in both of these fields?

Asked by Krzysztof Grzybek, Oct 22 '18



2 Answers

By default, npm installs all packages directly in node_modules.

However, let's say that package X is dependent on package Z in version 1.0 and package Y is dependent on the same package Z, but in version 2.0. In this case we have to install two versions of this package. One will be installed in the root node_modules folder, and the other one will be installed in the node_modules folder of the dependent package, e.g.

package.json
node_modules
    /X
    /Y
        /node_modules
            /Z@2.0
    /Z@1.0

Equally likely, npm could build a different, but still correct, package tree:

package.json
node_modules
    /X
        /node_modules
            /Z@1.0
    /Y
    /Z@2.0

The package-lock.json file will attempt to describe not only the dependencies of your project, but this tree structure as well. Which of the two trees above to build will be encoded in the JSON.

With this knowledge, it's easy to understand:

"requires" reflects the dependencies from the package.json file of this dependency, while "dependencies" reflects the dependencies actually installed in the node_modules folder of this dependency.

Answered by Krzysztof Grzybek, Oct 16 '22


After reading the answers above, maybe I can put it more simply:

requires can be shared among all other top-level dependencies, while dependencies are standalone, belonging only to the module requiring them.

i.e.

"@angular-devkit/core": "0.8.5", "tree-kill": "1.2.0", and "webpack-sources": "1.3.0" do not belong only to the module. They are at the same level as the module requiring them. By contrast, "rxjs": "6.2.2" exists exclusively due to the module requiring it, and it is used only by that module.

Answered by Guichi, Oct 16 '22