Question
What is the way to update/generate package-lock.json without making a real installation of node_modules (what npm install does)?
I want just a valid package-lock.json based on my package.json, that's it.
Motivation
You might use yarn locally, when CI server uses npm. It's probably not the best practice, but still might ok as a temporary solution.
Bonus question: Same for yarn. Is it possible to generate yarn-lock.json without doing a real installation?
As of npm 6.x, you can use the following command:
npm i --package-lock-only
Documentation (https://docs.npmjs.com/cli/install.html) says:
The
--package-lock-onlyargument will only update thepackage-lock.json, instead of checking node_modules and downloading dependencies.
As of yarn 3.0.0, you can use the following command:
yarn install --mode update-lockfile
Documentation (https://yarnpkg.com/cli/install#options-mode%20%230) says:
If the
--mode=<mode>option is set, Yarn will change which artifacts are generated.
update-lockfilewill skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.
As of Sep. 10, 2019: yarn doesn't seem to support generating a lock-file without installing the modules. Relevant GitHub issue: https://github.com/yarnpkg/yarn/issues/5738
I don't have enough reputation to comment, so just add an answer :)
In addition to Teh's answer, for Yarn now you can:
yarn install --mode update-lockfile
Documentation: https://yarnpkg.com/cli/install#options-mode%20%230
update-lockfilewill skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums). This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.
