Stack Overflow
Stack Overflow

Questions tagged [package-lock.json]

224 questions
8
votes
0 answers

npm install not considering registry/resolved path in package-lock.json

It's pretty straight forward to install a package from a private registry: npm install my-package --registry https:// This will add an entry to the package-lock.json: "my-package": { "version": "1.0.0", "resolved":…
ysfaran
  • 5,189
  • 3
  • 21
  • 51
8
votes
1 answer

How can I determine which of my dependencies depends on a particular package in my node_modules?

Github recently introduced a feature that notifies you about security vulnerabilities in your package-lock.json. I would like to resolve these issues, but the majority of packages listed here are dependencies of my dependencies, and so it is unclear…
MaxPRafferty
  • 4,819
  • 4
  • 32
  • 39
8
votes
2 answers

Caret range and package-lock.json: how to get latest non-breaking versions with them?

I got what package-lock.json is standing for, but I don't understand how is caret range work after adding this file? Say I have a package (my-module) that I want to have all new non-breaking versions without specifying new versions manually. I…
atoth
  • 838
  • 1
  • 9
  • 23
7
votes
1 answer

"resolved" and "integrity" go missing in package-lock.json

Ocassionally, when installing an (unrelated) dependency, I lose the resolved values from each of my private nexus repository dependencies, meaning that when my build server runs npm ci it falls back to attempting to install these from the npm…
tallpaul
  • 1,220
  • 2
  • 13
  • 35
7
votes
2 answers

Name under black package in package-lock.json keeps removing and adding automatically

On npm install, I see that in package-lock.json property packages[""].name is sometimes removed and sometimes added. How to prevent this change, since it appears in git changes?
Miki
  • 85
  • 6
7
votes
2 answers

Why does "npm install" prefix my packages with "node_modules" in my "package-lock.json" file?

I've never had this happen before, but now, when I npm install in the root directory of my app, my package-lock.json updates all the packages with node_modules/. What is causing this? Here's what I get before running npm i Here's what I get after…
Sefton419
  • 167
  • 1
  • 2
  • 15
7
votes
1 answer

If I change the node version and do npm install, does the package versions in package-lock.json change?

Suppose, I do npm install and then I change the node version and then again do npm install, will the installed packages in package-lock.json and node_modules change? (Assuming the packages were not updated on the npm registry meanwhile)
Vishnu Sankaran
  • 669
  • 6
  • 20
7
votes
1 answer

Why does `npm install` generate different `package-lock.json` files for the same `package.json` file?

Here is the relevant part of my package.json file: "devDependencies": { "ajv": "^6.0.0", "webpack": "^4.0.0", "websocket": "^1.0.0", "bignumber.js": "^7.0.0", "decimal.js": "^10.0.0", "truffle": "4.1.11", "ganache-cli":…
goodvibration
  • 5,980
  • 4
  • 28
  • 61
7
votes
0 answers

npm install fails when package-lock.json is present

I have some strange issue regarding the package-lock.json. We are using npm 5.6 and node 8.9.2. We have some project with dependencies. The developers can install the deps and push the package-lock.json as recommended: ... …
DenCowboy
  • 13,884
  • 38
  • 114
  • 210
7
votes
2 answers

NPM5, What is the difference of package-lock.json with package.json?

After updating NPM to version 5, I found package-lock.json file with package.json. What is the difference between this two files? What are the advantages of package-lock.json?
Satyam Koyani
  • 4,236
  • 2
  • 22
  • 48
6
votes
1 answer

How do I prevent "npm install" or "npm remove" from deleting my personal package?

I want to have a node_modules/my-package/... environment for one of my libraries. My package.json is considered valid. I has a name and a version and a few other fields: (this is node-modules/my-paclage/package.json) { "name": "my-package", …
Alexis Wilke
  • 19,179
  • 10
  • 84
  • 156
6
votes
1 answer

Difference between package.json, package-lock.json and yarn.lock files?

I have understood the details from the below link but still when to use which file is a question ? https://docs.npmjs.com/files/package-lock.json
Vaibhav
  • 771
  • 2
  • 11
  • 23
6
votes
1 answer

NPM: change registry in package-lock.json

For security reason, I need a specific registry, but in the package-lock.json I still keep the https://registry.npmjs.org/ Is there any way to force it?
romuleald
  • 1,406
  • 16
  • 31
5
votes
1 answer

package-lock.json is rewritten after npm install

I was working on a react project. I cloned it in a new machine. As soon as I ran the command npm install, package-lock.json file was rewritten completely. Is this a problem? And how should I deal with it?
Devang Joshi
  • 101
  • 1
  • 8
5
votes
0 answers

How to extract the closest node.js version used from existing package-lock.json?

My package-lock.json and package.json do not specify the node.js version used to generate the package-lock.json in my repo. I can iterate over node versions using nvm to see which one yeilds minimal git diff to the previous package-lock file in my…
Sohail Si
  • 2,750
  • 2
  • 22
  • 36
1 2 3
14 15