npm install not creating a new package-lock.json

Question

I accidentally deleted my package-lock.json file. npm install is not generating a new one. How do I get npm to recreate this file.

I think below 8.0, they use shrinkwrap.json instead of package-lock.json — emil, Aug 24 '17 at 16:23
@emil it originally created a package-lock.json and I don't have a shrinkwrap.json either. Never seen it before. — Dblock247, Aug 24 '17 at 16:24
Also, `npm` only creates/updates the lock file when it modifies your `node_modules` folder, so in *theory* you could delete your `node_modules` folder, run `npm i` and it should regenerate the file for you — wjvander, Aug 24 '17 at 16:25
Yes. if you remove node_modules and reinstall with node version 8.0 above, you will see lock file. — emil, Aug 24 '17 at 16:27
@emil I just upgraded to v8.4.0 and ran npm install and it created the package-lock.json — Dblock247, Aug 24 '17 at 18:17
@emil, a proper answer would go a long way to resolving this question. — isherwood, Jan 23 '18 at 17:35
For other people experiencing this problem: also ensure that .npmrc does not contain `package-lock=false`. This is another reason why `package-lock.json` might not exist. — Kevin, May 23 '18 at 17:09
**Check your `.gitignore`.** I accidentally had `package-lock.json` in the `.gitignore` somehow and because `package-lock.json` wasn't showing up in the `git status` it was throwing me off. — Joshua Pinter, Mar 19 '19 at 15:29

David Mulder · Answer 1 · 2021-04-09T13:26:46.970

54

There might be a file called .npmrc which can contain

package-lock=false

which will cause the package lock file to not be generated.

In theory you could also have turned on npm config set package-lock false globally (change to true to turn on again), but that's less likely to happen unintentionally.

edited Apr 09 '21 at 13:26

answered Nov 06 '18 at 09:38

David Mulder

24,033
8
45
104

2

Yep, this is it. Thanks for adding this as a proper answer. – Joshua Pinter Nov 29 '18 at 18:41
What's the purpose of this? I'm working with a project that requires running `npm ci` which fails because there's no package-lock file - so why would the maintainers add this setting to npmrc? – Matt Feb 10 '21 at 21:01
1

@Matt Some people do not see the benefits of version lock files and thus hate the fact that it generates a new lock file each time that 'pollutes' their commits from their perspective. – David Mulder Feb 10 '21 at 23:36
Can this also be specified in package.json (without additional files). I mean, it's about package.json. It's a required file to install node packages... – Dominik Apr 09 '21 at 13:15

score 42 · Answer 2 · edited Nov 08 '19 at 21:52

The package-lock.json file was introduced in npm v5, so the steps you need to take to regenerate package-lock.json depend on which version of npm you're using.

FYI. Let's verify what version of node and npm.

npm -v

prints: x.x.x

node -v

prints: x.x.x

I believe for package-lock.json is auto-generated if the 2 conditions npm version > 5.x.x and node version > 7.x.x are met

Then, try the following steps depending on which version you have:

npm v5+:

Regenerate the package-lock.json by running npm install. You may also regenerate the file without actually downloading dependencies by using npm install --package-lock-only

npm v4.x & earlier:

Generate a npm-shrinkwrap.json by running npm shrinkwrap. This file has the same format as package-lock.json and achieves essentially the same purpose in earlier versions of npm (see https://docs.npmjs.com/files/package-lock.json and https://docs.npmjs.com/files/shrinkwrap.json for detailed information on this point)
Rename the npm-shrinkwrap.json to package-lock.json

Node 8.9.1 and npm 6.4.0. Not generating package-lock.json on `npm install` here. — angularsen, Aug 21 '18 at 11:42
Ah, just learned from comments above that `.npmrc` could have `package-lock=false`, which our project happened to have. — angularsen, Aug 21 '18 at 11:43

score 8 · Answer 3 · answered Jul 05 '19 at 06:41

To resolve this issue I have tried below mentioned things and it worked for me :

Make sure your package-lock globally enabled, you can enable it using:

npm config set package-lock true

To make sure your .npmrc is not blocking the creation of package-lock file, set this to your .npmrc

echo 'package-lock=true' >> .npmrc

note: package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json for npm -v > 5.x.x.

check your npm version: npm -v

update your npm to latest version using:

npm install -g npm@latest

npm i -g npm-upgrade

@will

score 0 · Answer 4 · edited Jan 04 '21 at 16:46

0

I was also facing the same issue

I just removed the package-lock=false from .npmrc and now it is creating the lock file

edited Jan 04 '21 at 16:46

mikemaccana

81,787
73
317
396

answered Sep 11 '20 at 06:54

Shyam Kumar

500
3
14

This seems like a duplicate of @DavidMulder's answer – mikemaccana Jan 04 '21 at 16:47

jabu.hlong · Answer 5 · 2018-02-15T21:31:44.997

-3

If your npm version is <5 you will have a shrinkwrap.json file created when running npm install.

Otherwise package-lock will be created on npm versions 5 and above.

edited Feb 15 '18 at 21:31

answered Jan 25 '18 at 13:42

jabu.hlong

1,488
15
20

It generates nothing after running `npm i` for me. Using node 6.12.2 npm 3.10.10 – Mike Milkman Jul 02 '18 at 22:05

npm install not creating a new package-lock.json

5 Answers5

Linked