package-lock.json

Reading Time: < 1 minute

This blog post will help us to understand the package-lock.json file in detail.
NPM introduced package-lock.json in 5.X.X version. The package-lock.json will automatically generate when you install the node packages.

The main goal of package-lock.json keeps the exact version of each package you mentioned in the package.json in your application.
This helps us to generate the exact same dependency tree for npm packages in all the environments like developer machines, development, test, and, production environments.

The package-lock.json contains each and every dependency you mentioned in the package.json file. It contains the exact version of the package dependency, the location of the package, a hash that verifies the integrity of the package, list of packages it requires, and, a list of dependencies.

You must commit package-lock.json to the source control and should not add to .gitignore file.

When you run the npm install, packages will get installed from package-lock.json if it already exists otherwise it will create a new package-lock.json file with the dependencies those are installed.

Below is the sample package-lock.json file.

{
"name": "angular-sample-app",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"@angular-devkit/architect": {
"version": "0.800.3",
"resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.800.3.tgz",
"integrity": "sha512-SikMkzkBPtiRdaFIXB0+0NZUBI3bU7XfQRof/uHp9Xc+U1K3ORAtGGOIJtLdkk7RsWqePu5CiRX8XczgFKq5eA==",
"dev": true,
"requires": {
"@angular-devkit/core": "8.0.3",
"rxjs": "6.4.0"
},
"dependencies": {
"rxjs": {
"version": "6.4.0",
"resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.4.0.tgz",
"integrity": "sha512-Z9Yfa11F6B9Sg/BK9MnqnQ+aQYicPLtilXBp2yUtDt2JRCE0h26d33EnfO3ZxoNxG0T92OUucP3Ct7cpfkdFfw==",
"dev": true,
"requires": {
"tslib": "^1.9.0"
}
}
}
}
}
}
0 0 vote
Article Rating