Questions tagged [package-lock.json]

224 questions
0
votes
1 answer

The best way to resolve vulnerabilities in package-lock.json?

I am warned about vulnerabilities in the packages listed in the package-lock.json file of my Node.js project. I can follow the advice here and reinstall all the packages with npm install, however, I also use other npm projects that…
Aerodynamika
0
votes
1 answer

NPM package-lock version property

Is there a way to manage/sync the version property in the package-lock.json file? My situation is as follows: When I have a new release, I manually update the version property in package.json, commit and push. On the build server, npm install to get all…
mkhayata
0
votes
0 answers

Updating vulnerable packages within "packages-lock.json" through the command line

The code for my app is managed through GitHub and GitHub is telling me there are some vulnerabilities within my package-lock.json file. Now, as I understand it, there could be multiple packages within the package.json file that depend or use…
Skywalker
0
votes
0 answers

package-lock.json is breaking my build

As part of my CI, the build script runs npm install every time after it checks out the latest code from the git repo. A couple of days ago my build started to fail because of a missing module, with the error message: Module build failed: Error: Cannot find…
Darko Rodic
0
votes
0 answers

how to have same package-lock.json for all node / npm versions

Is it possible to have different node versions (lts and current) and have the same package-lock.json? Currently when I run npm install the packages it generates are different to those specified in the package-lock.json file. For example I'm using…
OvidijusR
0
votes
1 answer

generate package-lock.json programmatically

Suppose I read a package.json file in as a string/JSON object. Is it possible to create a package-lock.json file programmatically? For example, something like this: const pkg = require('./package.json'); const pkgLock =…
Ben
0
votes
1 answer

ava dependencies missing from package-lock.json after upgrading it

I have just upgraded ava in one of my projects using npm install --save-dev ava@0.22.0. To my surprise, all its dependencies are now missing from package-lock.json: Added: + "version": "0.22.0", + "resolved":…
Adam Matan
0
votes
1 answer

Why is an index.lock sometimes created when switching branches in vscode?

Why does vscode create an index.lock sometimes when switching branches? Specifically, if the previous branch I just had open had something in package-lock.json and I just wanted it reset did a git reset --hard? FYI, I am using node 8. Here is a…
Mark
-1
votes
1 answer

Can fixed package.json versions change?

I have fixed versions in my package.json - all of my packages look like this: "dependencies": { "@apollo/client": "3.6.4", "bootstrap": "4.6.2", "graphql": "16.5.0" } Note the lack of ^ and ~ from the packages. But pipeline build stages…
Noah Tatko
-1
votes
1 answer

Understanding the difference between 'requires' and 'dependencies' in package-lock.json

In order to understand the difference between requires and dependencies in package-lock.json, I am checking the @angular/cli dependency object which looks as below. Within @angular/cli the uuid package is listed with version 8.3.0 under both requires…
meallhour
-1
votes
1 answer

While installing lite-server it shows vulnerabilities

lite-server@2.5.4 added 1 package from 2 contributors and audited 340 packages in 20.502s found 4 vulnerabilities (3 low, 1 high) run npm audit fix to fix them, or npm audit for details After running 'npm audit fix' it shows 1 package is looking…
-1
votes
1 answer

When exactly is package-lock.json used?

I know the main point of having .lock files is that they contain specific versions of packages (whereas package.json can specify ranges), so that when you install the same project on different machines, you can guarantee the same versions of…
gkeenley
-2
votes
1 answer

npm install command manipulates package-lock.json with unrelated packages and package versions

I am working on a project with the OpenAI API and while it works fine on my laptop it's not working on my desktop. I cloned my project from git, then I used the npm install command after the npm init command. When I use npm install npm didn't throw any err or…
-2
votes
1 answer

Essentially, why do we even need package-lock.json and shrinkwrap?

Before anything, I'd like to mention I do know what package.json, package-lock.json and npm shrinkwrap technically do and how they differ. These are thoroughly documented all over the internet. I would like to understand better why package-lock.json…
OoDeLally