With the same git repository, if I delete node_modules and package-lock.json, my expectation is that running npm install should generate the same package-lock.json file each time (give or take a few modules that might get updated by the publisher in the interim).

What I'm finding is that I get vastly different files depending on whether I do this on an OSX machine versus a Linux machine.

Is this to be expected? If so, what value does committing the package-lock.json file hold, since it will be invalid on one of these systems? If not, what might be going on here?
The reason package-lock.json may change automatically when you run npm install is because NPM is updating the package-lock.json file to accurately reflect all the dependencies it has downloaded, since it may have gotten more up-to-date versions of some of them. Once NPM updates the package-lock.

npm install will generate a new package-lock.json if it does not exist, or it will update the dependency tree if it does not match the packages specified in the package.json. npm ci will install packages based on package-lock.

npm install is not deterministic, but it generates a package-lock.json.

The goal of the package-lock.json file is to keep track of the exact version of every package that is installed so that a product is 100% reproducible in the same way even if packages are updated by their maintainers. This solves a very specific problem that package.
Some dependencies are uninstallable on some platforms. You may have some of them that can be installed on an OSX machine but not on a Linux machine. That's why every time you execute npm i, the package-lock.json is updated.

For example, as some other users pointed out, there is the fsevents package, which has a strict os requirement.
You can find some open issues on github:
https://github.com/npm/npm/issues/17722
https://github.com/npm/npm/issues/18202
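To make the platform point concrete, here is an added example (not code from the question or any of the answers above) that diffs two package-lock.json documents and separates the drift an `os`/`cpu` restriction explains (the fsevents case: it declares `"os": ["darwin"]`, so npm records it only on macOS) from version drift that a committed lockfile is supposed to prevent. The two lockfiles are constructed sample data in the lockfileVersion 2 `packages` layout, and the lodash version mismatch is deliberately planted to show what a real, unexplained change looks like next to a benign platform skip.

```javascript
// Added example, not from the original thread. Constructed lockfile fragments
// in the lockfileVersion 2 "packages" layout: one generated on macOS, one on
// Linux. Only the fields relevant to the comparison are included.
const LOCK_MACOS = {
  name: 'demo',
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', dependencies: { chokidar: '^3.5.0', lodash: '^4.17.0' } },
    'node_modules/chokidar': { version: '3.5.3', optionalDependencies: { fsevents: '~2.3.2' } },
    // fsevents declares "os": ["darwin"]; npm records it only where it installed.
    'node_modules/fsevents': { version: '2.3.2', os: ['darwin'], optional: true, hasInstallScript: true },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

const LOCK_LINUX = {
  name: 'demo',
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', dependencies: { chokidar: '^3.5.0', lodash: '^4.17.0' } },
    'node_modules/chokidar': { version: '3.5.3', optionalDependencies: { fsevents: '~2.3.2' } },
    // No fsevents entry: npm skipped it on Linux. lodash resolved to a different
    // version because the lockfile was regenerated instead of honoured.
    'node_modules/lodash': { version: '4.17.20' },
  },
};

// npm's os/cpu semantics: a list of allowed values, where "!value" entries
// block a value. A missing or empty list means the package is allowed anywhere.
function matchesPlatformList(list, actual) {
  if (!Array.isArray(list) || list.length === 0) return true;
  const blocked = list.filter((v) => v.startsWith('!')).map((v) => v.slice(1));
  const allowed = list.filter((v) => !v.startsWith('!'));
  if (blocked.includes(actual)) return false;
  return allowed.length === 0 || allowed.includes(actual);
}

function isInstallableOn(entry, platform, arch) {
  return matchesPlatformList(entry.os, platform) && matchesPlatformList(entry.cpu, arch);
}

// Compare two lockfiles produced on platformA and platformB.
//   platformOnly    present in one file; its os/cpu field rules out the other platform
//   optionalSkipped present in one file; optional, but nothing in os/cpu explains the skip
//   versionDrift    present in both with different versions (lockfile not honoured)
//   unexplained     present in one file with no platform or optional reason at all
function diffLockfiles(lockA, platformA, lockB, platformB, arch = 'x64') {
  const result = { platformOnly: [], optionalSkipped: [], versionDrift: [], unexplained: [] };
  const pkgsA = lockA.packages;
  const pkgsB = lockB.packages;
  const all = new Set([...Object.keys(pkgsA), ...Object.keys(pkgsB)]);
  for (const path of all) {
    if (path === '') continue; // root project entry, not a dependency
    const a = pkgsA[path];
    const b = pkgsB[path];
    if (a && b) {
      if (a.version !== b.version) {
        result.versionDrift.push({ path, [platformA]: a.version, [platformB]: b.version });
      }
      continue;
    }
    const [present, absentOn] = a ? [a, platformB] : [b, platformA];
    if (!isInstallableOn(present, absentOn, arch)) {
      result.platformOnly.push({ path, absentOn });
    } else if (present.optional) {
      result.optionalSkipped.push({ path, absentOn });
    } else {
      result.unexplained.push({ path, absentOn });
    }
  }
  return result;
}

const report = diffLockfiles(LOCK_MACOS, 'darwin', LOCK_LINUX, 'linux');
console.log(JSON.stringify(report, null, 2));
```

On the constructed input the report puts fsevents under `platformOnly` (its `os` list excludes linux) and lodash under `versionDrift`. The first bucket is the expected, harmless difference between the two machines; the second means the lockfile was re-resolved rather than respected, which is exactly what a committed lockfile is meant to rule out, and what `npm ci` refuses to do silently.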