Always package-lock dependency libraries creating problem. When we are trying to do npm install there is no issues but when we try merge the code to master branch build failed. One of the dependency library failing. when we see it jfrog that library critical due lower version and expecting higher version to upgrade. We have modify directly in package-lock file and check in the code that issue resolved but other library coming. what is the best way to identify and resolve the problem?
Asked
Active
Viewed 1,129 times
0
-
1Suggestion: You can improve the question by stating the error you get in the description. Images are not searchable, so other devs will not find your question if they have a similar issue. – Willem Nov 17 '21 at 05:09
1 Answers
0
Try using npm ci
instead of npm install
when you build for deployment. As I understand it, this command will use the package-lock.json
file.
Use npm install
and commit changes to the package-lock.json
file when your intent is to update the dependencies for deployment.
This is recommended in the docs and could help you to control the package-lock.json
file and get consistent builds.

Willem
- 917
- 7
- 19
-
Thanks @willem for clarification. Can I add in azure pipeline. instead of npm i to npm ci. is this resolve my problem – Dinesh Nov 12 '21 at 17:55
-
there is no error showing in local and also no error in local branch but in master branch it showing error. – Dinesh Nov 12 '21 at 18:01
-
I guess that your problem relates to `jfrog` itself. Unfortunately, I can offer no help in this regard. Google gave me this page: https://jfrog.com/knowledge-base/how-to-troubleshoot-npm-problems/ – Willem Nov 17 '21 at 05:02