Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Should package-lock.json also be published?

Tags:

gitignore

node.js

npm

package-lock.json

npmignore

npm 5 introduced package-lock.json, of which the documentation is here.

It states that the file is intended to be included with version control, so anyone cloning your package and installing it will have the same dependency versions. In other words, you should not add it to your .gitignore file.

What it does not state is wether or not the file is intended to be included with a published package. This question could be rephrased as; should package-lock.json be included in .npmignore?

like image 994
wybe Avatar asked Jun 14 '17 13:06

wybe

People also ask

Should package lock json be published?

json allows publication, and defines the dependency tree from the point encountered. This is not recommended unless deploying a CLI tool or otherwise using the publication process for producing production packages. If both package-lock. json and npm-shrinkwrap.

Does npm publish use package lock json?

npm 5 introduced package-lock. json , of which the documentation is here. It states that the file is intended to be included with version control, so anyone cloning your package and installing it will have the same dependency versions.

Should package lock json be updated?

package-lock. json is updated automatically on dependency changes. It should be committed to version control to ensure the same dependencies on install.

Should you delete package lock json?

json that result in two different installs. You may have noticed it before; you install a package using npm and suddenly a new file called package-lock. json appears in your project directory. Don't delete that package-lock file, run npm install and regenerate it!

1 Answers

It cannot be published.

From the npm documentation:

One key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the toplevel package

See package-lock.json documentation on docs.npmjs.com.

However, you should be commiting your package-lock.json to git as per the documentation.

This file is intended to be committed into source repositories

hence the common message presented by npm:

created a lockfile as package-lock.json. You should commit this file.

EDIT: A more detailed explanation can be found here.

like image 96
Peter Reid Avatar answered Sep 22 '22 04:09

Peter Reid
Sign in to Comment

Related questions

How to get a distinct value of a row with sequelize?
Authentication error when connecting to Heroku PostgreSQL database
Express: accessing app.set() settings in routes
How to extract token string from Bearer token?
Fail a test with Chai.js
node-express error : express deprecated res.send(status): Use res.sendStatus(status) instead
Express.js hbs module - register partials from .hbs file
Is NodeJs faster than Clojure?
Remotely debugging my node app that is hosted on AWS
Mongoose instance .save() not working
How to fix 'Error: querySrv EREFUSED' when connecting to MongoDB Atlas?
Use socket.io inside a express routes file
Running Ruby, Node, Python and Docker on the new Apple Silicon architecture? [closed]
How do I secure Socket.IO?
Is providing a Promise as a module's export a valid pattern for asynch initialization in Node.js?
Creating a webRTC peer *without* a browser, with just a JavaScript interpreter
How to make an HTTP request in Cloud Functions for Firebase?
Warning, FIREBASE_CONFIG environment variable is missing. Initializing firebase-admin will fail
Mocking JavaScript constructor with Sinon.JS
What is the difference between "express.Router" and routing using "app.get"?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!