I'm using npm as part of building the production Docker image. I want to make sure the package-lock.json doesn't change and matches.
What's a Lock File? A lock file describes the entire dependency tree as it is resolved when created, including nested dependencies with specific versions. In npm these are called package-lock.json and in yarn they are called yarn.lock.
If you are running yarn add in your CI, such as for a CI-only dependency, it will update the lock file and do an install for all dependencies.
Whenever you run yarn (which is the equivalent of running yarn install) upon a fresh install, a yarn.lock file is generated. It lists the versions of dependencies that are used at the time of the installation process. That means it looks into your package.
You can use npm ci.
npm ci bypasses a package’s package.json to install modules from a package’s lockfile. This ensures reproducible builds—you are getting exactly what you expect on every install.
https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable
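One way to enforce this in a Docker build or CI step, as an added example that is not part of the original answer: digest package-lock.json before and after the install command and fail the step if the file changed. The function name, the return code 2 and the use of sha256sum/shasum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): run an install step and fail
# the build if it modified the lock file. Assumes sha256sum or shasum exists.
set -eu

lockfile_digest() {
  # Content digest of the lock file; used only to detect drift between the
  # state before and after the install command.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# install_with_lock_check LOCKFILE CMD [ARGS...]
# Runs CMD and returns 0 only if CMD succeeded and LOCKFILE is byte-identical
# afterwards. Returns CMD's own status if CMD failed, 2 if the lock file
# drifted (so a CMD that itself exits 2 is reported the same way).
install_with_lock_check() {
  lock="$1"; shift
  before=$(lockfile_digest "$lock")
  "$@" || return $?
  after=$(lockfile_digest "$lock")
  if [ "$before" != "$after" ]; then
    echo "ERROR: $lock was modified by: $*" >&2
    return 2
  fi
}

# Typical use in a Dockerfile RUN step or CI job (needs npm, so not run here):
#   install_with_lock_check package-lock.json npm ci
```

npm ci already refuses to run when package.json and package-lock.json disagree and never rewrites the lock file, so the check mainly catches a build script that falls back to plain npm install or runs npm add/npm update somewhere in the same step.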