我正在尝试升级到 npm 5 并锁定文件。
现在我有这个 package.json:
{
"name": "typescript-test",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"build": "./node_modules/gulp/bin/gulp.js build",
"apidoc": "./node_modules/gulp/bin/gulp.js apidoc",
"watchApi": "BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js watchApi",
"watchMqtt": "./node_modules/gulp/bin/gulp.js watchMqtt",
"test-debug": "NODE_ENV=test ./node_modules/mocha/bin/mocha --no-timeouts --debug-brk release/js/api/test/e2e/**/*.js",
"test": "___BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js test",
"migrate": "./node_modules/sequelize-cli/bin/sequelize db:migrate",
"migrate:undo": "./node_modules/sequelize-cli/bin/sequelize db:migrate:undo"
},
"author": "",
"license": "ISC",
"dependencies": {
"@types/bcrypt": "0.0.30",
"@types/bluebird": "^3.0.35",
"@types/body-parser": "0.0.33",
"@types/config": "0.0.30",
"@types/dateformat": "^1.0.1",
"@types/expect.js": "^0.3.29",
"@types/express": "^4.0.33",
"@types/lodash": "^4.14.37",
"@types/minimist": "^1.1.29",
"@types/mocha": "^2.2.32",
"@types/mongoose": "^4.7.11",
"@types/mqtt": "0.0.32",
"@types/mysql": "0.0.31",
"@types/node-schedule": "0.0.36",
"@types/nodemailer": "^1.3.32",
"@types/passport": "^0.2.32",
"@types/passport-http-bearer": "^1.0.30",
"@types/passport-local": "^1.0.29",
"@types/sequelize": "^4.0.38",
"@types/sequelize-fixtures": "^0.4.29",
"@types/should": "^8.1.30",
"@types/supertest": "^1.1.31",
"@types/supertest-as-promised": "^2.0.32",
"@types/winston": "0.0.28",
"ansi_up": "^1.3.0",
"bcrypt": "^0.8.7",
"bluebird": "^3.4.6",
"body-parser": "1.15.2",
"config": "^1.21.0",
"cron-parser": "^2.4.1",
"dateformat": "^2.0.0",
"expect.js": "^0.3.1",
"express": "^4.14.0",
"express-basic-auth": "^1.1.1",
"express-winston": "^2.0.0",
"gulp": "^3.9.1",
"gulp-clean": "^0.3.2",
"gulp-copy": "0.0.2",
"gulp-nodemon": "^2.2.1",
"gulp-relative-sourcemaps-source": "^0.1.4",
"gulp-sourcemaps": "^2.0.0",
"gulp-spawn-mocha": "^3.1.0",
"gulp-tslint": "^6.1.2",
"gulp-typescript": "^3.0.2",
"json-2-csv": "^2.1.0",
"lodash": "^4.16.4",
"merge2": "^1.0.2",
"minimist": "^1.2.0",
"mocha": "^3.1.2",
"mongoose": "^4.9.7",
"mongoose-fixtures": "0.0.1",
"mosca": "^2.0.2",
"mqtt": "^2.2.1",
"mysql": "^2.11.1",
"node-cron": "^1.2.0",
"node-schedule": "^1.2.0",
"nodemailer": "^2.6.4",
"passport": "^0.3.2",
"passport-http-bearer": "^1.0.1",
"passport-local": "^1.0.0",
"path": "^0.12.7",
"pm2": "^2.4.2",
"read-last-lines": "^1.1.0",
"regression": "^1.4.0",
"sequelize": "3.24.3",
"sequelize-cli": "2.4.0",
"sequelize-fixtures": "^0.5.5",
"should": "^11.1.1",
"supertest": "^2.0.1",
"supertest-as-promised": "^4.0.1",
"tslint": "^3.15.1",
"typescript": "2.3.4",
"typings": "^1.4.0",
"winston": "^2.2.0"
},
"devDependencies": {
"gulp-apidoc": "^0.2.6",
"gulp-debug": "^2.1.2"
}
}
我的 package-lock.json 的一部分(即 express.js)是:
{
"name": "typescript-test",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"express": {
"version": "https://registry.npmjs.org/express/-/express-4.15.2.tgz",
"integrity": "sha1-rxB/wUhQRFfy3Kmm8lcdcSm5ezU=",
"requires": {
"accepts": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz",
"array-flatten": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
"content-disposition": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
"content-type": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
"cookie": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
"cookie-signature": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
"debug": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
"depd": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz",
"encodeurl": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz",
"escape-html": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
"etag": "https://registry.npmjs.org/etag/-/etag-1.8.0.tgz",
"finalhandler": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.2.tgz",
"fresh": "https://registry.npmjs.org/fresh/-/fresh-0.5.0.tgz",
"merge-descriptors": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
"methods": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
"on-finished": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
"parseurl": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.1.tgz",
"path-to-regexp": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
"proxy-addr": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.1.4.tgz",
"qs": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
"range-parser": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
"send": "https://registry.npmjs.org/send/-/send-0.15.1.tgz",
"serve-static": "https://registry.npmjs.org/serve-static/-/serve-static-1.12.1.tgz",
"setprototypeof": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
"statuses": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
"type-is": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
"utils-merge": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz",
"vary": "https://registry.npmjs.org/vary/-/vary-1.1.1.tgz"
},
"dependencies": {
"debug": {
"version": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
"integrity": "sha1-eYVQkLosTjEVzH2HaUkdWPBJE1E=",
"requires": {
"ms": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz"
}
},
"ms": {
"version": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
"integrity": "sha1-riXPJRKziFodldfwN4aNhDESR2U="
},
"qs": {
"version": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
"integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
},
"setprototypeof": {
"version": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
"integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
}
}
}
}
}
从 package-lock.json 中,express 应该安装在 4.15.2。
但是,如果我这样做
rm -rf node_modules
npm install
express安装在4.15.3,package-lock.json被覆盖
这是 npm 的正确行为吗? 我是否以错误的方式使用了 package-lock?
最佳答案
npm 对 node_modules 文件夹所做的每个更改,包括 npm install,都会反射(reflect)在 package-lock.json 中。它记录当前实际安装的依赖项。
如果您现在想要安装锁定在 package-lock.json 中的依赖项,例如您在服务器上构建。您可以使用 npm ci 命令来安装依赖项。
来自文档:package-lock.json , npm-ci .
关于node.js - npm 5 忽略包锁,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45010414/