Is there a way to force npm to generate package-lock.json?

Question

I deleted it by accident and have made many changes to package.json since. An npm install or npm update do not generate package-lock.json anymore. I tried clearing my npm cache and my nvm cache, but nothing seems to be working. I tried it on several versions of Node.js (6.10.3 Node.js - 3.10.10 npm is what I would like it to work on), and it doesn't work on any.

Is there a way to force npm to generate the package-lock.json file?

`package-lock.json` is generating automatically by default in npm starting from v5, in the previous versions, the lock file name was `npm-shrinkwrap.json` and it was generated manually using `npm shrinkwrap` command. — alexmac, Oct 09 '17 at 19:49
@BrettMerrifield Thank you! That was my problem. I updated to `node 8.6.0` and with it `npm 5.3.0` and it worked. — Big Money, Oct 09 '17 at 19:49
**Check your `.gitignore`.** I accidentally had `package-lock.json` in the `.gitignore` somehow and because `package-lock.json` wasn't showing up in the `git status` it was throwing me off. — Joshua Pinter, Mar 19 '19 at 15:25

Janusz Przybylski · Accepted Answer · 2021-03-10T08:24:20.773

217

In npm 6.x and 7.x you can use

npm i --package-lock-only

According to https://docs.npmjs.com/cli/install.html

The --package-lock-only argument will only update the package-lock.json, instead of checking node_modules and downloading dependencies.

edited Mar 10 '21 at 08:24

answered Feb 27 '19 at 16:24

Janusz Przybylski

2,196
1
5
5

19

This is the correct answer now, others are old and wont work. – Vaibhav Singh Jun 25 '19 at 07:57
Any clue how to generate a package-lock.json without devDependencies? I need this for clean production installs. `npm i --package-lock-only --only=production` doesn't seem to work. – Robert May 13 '20 at 15:07
I don't think it's possible to generate `package-lock.json` only for production dependencies. But if you run `npm i --only=production` it should install only production dependencies. So your build process could look like this: install all dependencies, build app, remove `node_modules` and install only production dependencies. – Janusz Przybylski May 14 '20 at 14:23

score 199 · Answer 2 · answered May 13 '18 at 06:06

199

By default, package-lock.json is updated whenever you run npm install. However, this can be disabled globally by setting package-lock=false in ~/.npmrc.

When the global package-lock=false setting is active, you can still force a project’s package-lock.json file to be updated by running:

npm install --package-lock

This command is the only surefire way of forcing a package-lock.json update.

answered May 13 '18 at 06:06

Mathias Bynens

130,201
49
208
240

@RonNewcomb Can you share more information? What do you mean by "it doesn't work"? Which npm version are you using? – Mathias Bynens Aug 10 '18 at 08:10
npm version 3.10.10 Node 6.10.3 The command you listed seems to be a no-op? Nothing happens. No error, no file change, nothing. – Ron Newcomb Aug 10 '18 at 16:31
2

If you're using npm v3 for your project, you wouldn't have a `package-lock.json`. `package-lock.json` is only supported by npm v5+. – Mathias Bynens Aug 14 '18 at 06:48
10

npm v 6.4.1 and this does not create package-lock.json – mjuopperi Nov 13 '18 at 06:42
This used to not work for me (I have package-lock=false) but with npm v 6.5.0 it started properly generating the package-lock.json file. – hawkeyegold Mar 25 '19 at 14:18
1

It works for me, in 6.4.1. Setting it to false also prevents it from creating one. – Kevin B Apr 05 '19 at 15:57
npm 6.14.5 updates `package-lock.json` by `npm install` as expected. – Youngjae Jul 21 '20 at 06:37

score 16 · Answer 3 · answered Dec 16 '17 at 20:50

16

This is answered in the comments; package-lock.json is a feature in npm v5 and higher. npm shrinkwrap is how you create a lockfile in all versions of npm.

answered Dec 16 '17 at 20:50

LJHarb

12,303
2
26
34

1

note, however, that `package-lock.json`s are not the exact same thing as shrinkwrap files. – strugee Jan 09 '18 at 04:59
7

in npm 5+, they are, in fact, exactly the same, down to every detail, except for one thing: `npm-shrinkwrap.json` will be published to the registry, and `package-lock.json` will not. – LJHarb Jan 09 '18 at 09:20
6

Yep. That's a pretty important difference though, which is why I left my comment. – strugee Jan 09 '18 at 18:19
2

`npm shrinkwrap` generates `npm-shrinkwrap.json`, but how do you generate `package-lock.json` ? – Vic Mar 30 '18 at 22:22
5

It’s automatic in npm 5+, or you can force it in 5+ with `--package-lock` – LJHarb Mar 31 '18 at 02:41
@Vic Just rename npm-shrinkwrap.json to package-lock.json. They have the same format. – BoomShadow Apr 30 '20 at 16:49

score 2 · Answer 4 · edited Jan 14 '21 at 06:32

As several answer explained the you should run:

npm i

BUT if it does not solve...

Check the version of your npm executable. (For me it was 3.x.x which doesn't uses the package-lock.json (at all))

npm -v

It should be at least 5.x.x (which introduced the package-lock.json file.)

To update npm on Linux, follow these instructions.

For more details about package files, please read this medium story.

score -1 · Answer 5 · answered May 06 '20 at 05:38

If your npm version is lower than version 5 then install the higher version for getting the automatic generation of package-lock.json.

Example: Upgrade your current npm to version 6.14.0

npm i -g npm@6.14.0

You could view the latest npm version list by

npm view npm versions

score -1 · Answer 6 · answered Jan 28 '21 at 16:34

-1

When working with local packages, the only way I found to reliably regenerate the package-lock.json file is to delete it, as well as in the linked modules and all corresponding node_modules folders and let it be regenerated with npm i

answered Jan 28 '21 at 16:34

trias

549
5
8

Is there a way to force npm to generate package-lock.json?

6 Answers6

Related