Questions tagged [package-lock.json]

224 questions
3 votes, 1 answer

When npm install/ci honors package-lock.json, is there any purpose in using tilde (~) and caret (^) in package.json?

In case an application has a package-lock.json or shrinkwrap.json, both the npm install and npm ci commands would honor the dependency versions (in package-lock.json or shrinkwrap.json), so what purpose would tilde (~) and caret (^) serve in package.json?
mavHarsha
3 votes, 0 answers

Is package-lock.json also meant to improve the security of the built application through a subresource integrity check?

I've read the following about the package-lock.json file: This file is intended to be committed into source repositories, and serves various purposes: Describe a single representation of a dependency tree such that teammates, deployments, and…
3 votes, 1 answer

Do I still need a package-lock.json if I am not using caret (^) or tilde (~) in my package.json?

If I am always using definite versions of packages inside my package.json, what is the need for package-lock.json? Another way to put this question is: if someone wants to use package-lock.json, why can't they just use definite versions of…
3 votes, 0 answers

npm set latest dependencies in package-lock.json

Sorry for my overall dumbness and weak understanding of how npm works. I now work on a project on Angular 6, and GitHub says that the hoek package has vulnerabilities. Running npm ls hoek I get this dependency tree: +--…
VINT64
3 votes, 5 answers

npm install fails: buble@github:pemrouz/buble reference is not a tree

Summary: I am looking for a strategy on how I might find and fix an error in package-lock.json. This error breaks npm install: How do I figure out what installed this buble dependency? Can I simply delete the entry? How do I figure out what the…
Steve B
3 votes, 2 answers

How to prevent git from generating false differences for JSON files?

git thinks that two versions of a .json file are different, but actually their data is not: @@ -469,9 +479,9 @@ "integrity": "sha1-+GzWzvT1MAyOY+B6TVEvZfv/RTE=", "dev": true, "requires": { + "JSONStream": "1.3.1", …
ceremcem
3 votes, 3 answers

Why doesn't "npm install" rewrite package-lock.json? And why does it not generate a new one if none exists?

I'm expecting to see changes in my package-lock.json file after adding a new dependency in package.json and running npm install, but package-lock.json is not changing. Settings: node version 6.11.0, npm version 3.10.10. I have tried to delete the old…
Daria Bulanova
3 votes, 2 answers

npm5 package-lock.json different entries on different machines

Our project uses npm for package management. After upgrading from npm 4 to npm 5, we decided to opt-in for the new package-lock.json. After committing it and performing npm install on other machines, we spotted differences in the way the version and…
Mobiletainment
2 votes, 1 answer

Cannot find node module after deleting yarn.lock/package-lock.json

I have encountered a weird issue where I get the following error when I re-generate my lock file: Cannot find module "@mui/icons-material/Close" imported from within one of my node_modules. Did you mean to import @mui/icons-material/Close.js. That…
2 votes, 1 answer

npm audit fix not updating package.json

I want to fix one vulnerability and, after a lot of hit and trial, I want to use the fix given by npm audit fix. npm audit says: # Run npm update mkdirp --depth 8 to resolve 10…
user124
2 votes, 1 answer

Is it normal for package lock file version to switch back and forth on a team?

In the given scenario, new Dev A has a new version of npm (8.3). He does a clone of the repo and npm says the package-lock file needs to be upgraded from lockfile version format 1 to version 2. Then he checks that in. So now the repo has a lock file…
MattoMK
2 votes, 0 answers

How does NPM decide what version of sub-dependency to download?

Say I have in package.json a dependency on package A; in package-lock.json, I see that package A has a sub-dependency with version ^0.7.28. When running npm update, will NPM download version 0.7.29 of package B (assuming there is such version)? If…
2 votes, 1 answer

npm install doesn't apply what is in package-lock.json?

I have Node v10.22.0, npm 6.14.6, on macOS Catalina. I start from a git repo that contains a package-lock.json that specifies @truffle dependencies and no node_modules folder, no package.json. After I cloned the repo, I run npm install to install…
2 votes, 0 answers

Unable to delete dependency from package-lock.json and node_modules folder

I'm working with a particular dependency which has 2 versions, the community version and the enterprise version. They have both been installed mistakenly. Here is what part of the dependencies section in the package.json looks like and I want to…
2 votes, 1 answer

ERROR with bootstrap dependency having an unclosed block

I'm trying to compile a work repository on my personal computer (so I can work remotely), but every time I run npm start I get these messages: npm ERR! Cannot read property 'match' of undefined npm ERR! A complete log of this run can be found…