User Tools

Site Tools


node_js:understanding_package_and_package_lock

Understanding package and package-lock

NEVER manually update package-lock.json

Both package.json and package-lock.json update automatically when you install or update a package via the terminal inside your repo.

These changes should be tracked in Git. You can revert these files in GitHub Desktop like any other text file; however, your local node_modules folder will not automatically revert its code. To sync your local code back to the version specified in your package-lock.json, run npm install (or npm ci for a guaranteed clean slate).

Merge Conflict

If you see a merge conflict in your package-lock.json in GitHub Desktop, don't try to fix the text manually. This is the best way to fix:

1. Accept one version of the file (doesn't matter which one) 2. Run npm install in terminal inside your repo 3. npm will automatically rewrite the file to be correct and conflict-free. Here's how that works:

  1. npm reads package.json to see what you want to install (package versions have ranges instead of specific versions)
  2. npm reads package-lock.json to see what was previously successful
  3. npm checks the conflict, if the two files disagree, package.json wins
  4. The result: npm recalculates the match, downloads the necessary code into node_modules, and then completely regenerates a fresh, non-conflicting package-lock.json that is perfectly synced.

Making Sure All Team Members Have the Same Setup

If I have everything set up on my computer; the package.json and package-lock.json files are in sync and looking good, but my coworker's computer is still out of date. Here's the course of action:

1. I Push: I commit and push my package.json and package-lock.json to the shared Git repository. 2. They Pull: My coworker pulls the latest changes from Git. Now their files match yours, but their node_modules folder is still full of the old code. 3. They Sync: My coworker runs npm install (or even better, npm ci) to update their node_modules folder to match package-lock.json.

NOTE: Never commit or share the node_modules folder itself; it should always stay in your .gitignore file.

Important Nuance Between npm install and npm ci

If you want npm to follow the package-lock.json file exactly, use npm ci. If you want npm to “fix” the package-lock.json file to match package.json, use npm install (this only fixes/updates the lockfile IF package.json has changed. If package.json and package-lock.json are already in sync, npm install just checks the node_modules folder and does nothing.)

node_js/understanding_package_and_package_lock.txt · Last modified: by linepup

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki