I am using npm workspaces to manage a monorepo. I've noticed that the top-level package-lock.json includes a cached copy of each workspace's package.json, in its "package" field. How can I refresh these cached copies without also updating all dependency versions in package-lock.json?
So far, the best approach I've found is:
- Delete the top-level
package-lock.json. - Run
npm i.
This works, but also updates all dependency versions in package-lock.json. I would prefer to avoid that, in case updating a dependency breaks something, and because this creates enormous git diffs for package-lock.json.
Non-solutions
Running npm update <workspace package name> does not work, at least if I have changed a workspace's package version number (No matching version found for <package name>@<new version>).
Same issue if I try npm i --package-lock-only as suggested here.
Motivation
package-lock.json is checked into my git monorepo, so I presume I need to update it like this each time I bump the workspace packages' versions.
I've also experienced a problem in the past where I updated the bin field in a workspace's package.json, but npm ci kept using the old version. That was fixed by refreshing package-lock.json, but again at the cost of updating all dependency versions.
