Questions tagged [package-lock.json]

224 questions
1 vote, 1 answer

package.json and package-lock.json do not reflect node_module's versions

I updated my Angular project with npm and for some reason package.json and package-lock.json were not updated accordingly. So the question is, do I have to update them manually, or is there a way to update these files according to the actual versions…
Jette
1 vote, 2 answers

An error occurred while analyzing 'package-lock.json' (Node Audit Analyzer)

I try to use dependency-check-maven in every test build job in Jenkins: mvn org.owasp:dependency-check-maven:6.2.2:aggregate -DskipSystemScope=true -Dformat=ALL -DprettyPrint=true -DcentralAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false…
1 vote, 0 answers

Doesn't package-lock.json invalidate all use of ^ in package.json?

I'm trying to reconcile the purpose of the ^ character in package.json, and how it's affected by package-lock.json. Let's say for example, I run npm install johnny-dependency. Now I have a dependency listed in package.json: "johnny-dependency":…
Seth Lutske
1 vote, 0 answers

How does the npm package-lock file generate the dependency tree?

I have a project (node.js 14 + npm 6) that has a dependency let's call it A. A also has a dependency called B. After I run npm install the package lock file has B under A as a transient dependency to my project: { "name": "test", "version":…
Aliator
1 vote, 1 answer

Using npm install from any location without making new package-lock.json every time?

I'm using Visual Studio Code. I have multiple folders and package.json is in ProjectName/ProjectName.Web folder. Do I have to enter this folder in terminal every time I want to run npm install? When I'm trying to do it from ProjectName folder which…
1 vote, 2 answers

Node/NPM: If I upgrade my node version, should I rebuild the package-lock file?

I am using node version 11 and want to use 12.6. I had the package-lock.json file committed. When upgrading, should I remove my node module, npm install, and commit the new package-lock.json file?
1 vote, 1 answer

Can I use in my project a package from package-lock.json dependencies?

I want to use date-fns in my project and I already have react-datepicker which is using date-fns. So, is it possible to use date-fns from react-datepicker or is it necessary to install it separately to the project in order to use it?
1 vote, 1 answer

Package-lock.json files not npm installing properly in branch

[Update]: It seems that the issue can be temporarily fixed by copying the package-lock.json from a working branch and pasting it into the non-working branch. This doesn't make sense to me though as the package-lock.json should not affect the npm…
tdammon
1 vote, 0 answers

npm package-lock.json optimize by detecting versions that can be merged

Sometimes, the npm package-lock.json can accumulate pinned dependencies that can be merged together. For example: Install A@1 Install B@1 requires A@^2 -> pin to A@2.1 Install A@latest -> A@2.3 Now, I have two A versions: A@2.3 B@1 -> A@2.1…
pmoleri
1 vote, 2 answers

how to remove npm module vulnerability babel-cli@6.23.0 in braces?

I want to remove the vulnerability in npm audit, https://snyk.io/test/npm/babel-cli/6.23.0 how to update the chokidar module? how to update dependent module without updating parent module? Manual Review …
Nadhas
1 vote, 0 answers

How to add npm module without changing old dependencies in package-lock.json?

I use npm ci to install npm modules and it installs the same package versions as in package-lock.json. And now I need to add an npm module to start writing unit tests. I use this command: npm i jest. I expect that it should add only jest dependencies, but…
Yegor
1 vote, 2 answers

Why can't I update an npm package dependency?

I've done npm audit and it showed me that I have one High vulnerability. That's the information that it gave to me: ┌───────────────┬─────────────────────────────────────────────────┐ │ High │ Arbitrary File Overwrite …
in43sh
1 vote, 1 answer

Update package.json files with dependencies manually copied over into node_modules

As per title, I have been developing my React app in a very bad manner. Since I worked in an offline environment, whenever I needed to install a new package to be used in my application, I would manually copy it into my node_modules folder. The…
1 vote, 1 answer

package-lock.json resolved link points to local artifactory URL instead of globally set registry

I have a .npmrc file with: registy=http://artifacts.sample.com/artifactory/api/npm/ package-lock.json contains resolved field for dependencies which looks something like: "dependencies": { "acorn": { "version": "5.7.3", "resolved":…
monkeycodes
1 vote, 4 answers

Is there a way to extract package.json from package-lock.json?

I'm working on a project in which the package.json file is missing. The developer has pushed the package-lock.json file without the package.json file. How can I create a clean package.json from the package-lock.json file in case it is at all…
Alireza