How does the npm package-lock file generate the dependency tree?

Asked Mar 07 '21 at 21:51

Active Mar 07 '21 at 23:18

Viewed 684 times

I have a project (node.js 14 + npm 6) that has a dependency let's call it A. A also has a dependency called B. After I run npm install the package lock file has B under A as a transient dependency to my project:

{
  "name": "test",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "dependencies": {
    "A": {
      ...
      "dependencies": {
        "B": {
          ...
        },
      }
    },
  }
}

However, if I delete the node_modules folder and run npm install lock file will change to this:

{
  "name": "project",
  "version": "1.0.0",
  "lockfileVersion": 1,
  "dependencies": {
    "A": {
      ...
    },
    "B": {
      ...
    },
  }
}

Both A and B are on the same level in the tree structure. Nothing has been changed in the package.json and all other files remained the same between the two installs.

My questions are:

Why is it happening?
Is it a normal thing to happen?
Doesn't this makes collaboration cumbersome? Every time someone touches npm i the packages lock file changes.

edited Mar 07 '21 at 23:18

asked Mar 07 '21 at 21:51

Aliator

How does the npm package-lock file generate the dependency tree?

0 Answers0