Questions tagged [package-lock.json]

153 questions
717 votes, 11 answers

Why does "npm install" rewrite package-lock.json?

I just recently upgraded to npm@5. I now have a package-lock.json file with everything from package.json. I would expect that, when I run npm install, the dependency versions would be pulled from the lock file to determine what should be…
Viper Bailey
202 votes, 6 answers

Is there a way to force npm to generate package-lock.json?

I deleted it by accident and have made many changes to package.json since. An npm install or npm update do not generate package-lock.json anymore. I tried clearing my npm cache and my nvm cache, but nothing seems to be working. I tried it on several…
Big Money
194 votes, 23 answers

Error: Local workspace file ('angular.json') could not be found

I have travis-ci integrated with my GitHub account (https://github.com/pradeep0601/Angular5-Router-App). When I updated @angular/cli version from 1.7.4 to 6.0.0-rc.3, the build started failing with an error: Local workspace file ('angular.json')…
Pradeep
191 votes, 4 answers

Do I need both package-lock.json and package.json?

After updating my NPM to the latest version (from 3.X to 5.2.0) and running npm install on an existing project, I get an auto-created package-lock.json file. I can tell package-lock.json gives me an exact dependency tree as opposed to…
Omri Luzon
175 votes, 3 answers

What is the difference between npm-shrinkwrap.json and package-lock.json?

With the release of npm@5, it will now write a package-lock.json unless a npm-shrinkwrap.json already exists. I installed npm@5 globally via: npm install npm@5 -g And now, if a npm-shrinkwrap.json is found during: npm install a warning will be…
k0pernikus
135 votes, 7 answers

Why did package-lock.json change the integrity hash from sha1 to sha512?

I just generated a new npm lockfile, package-lock.json, as part of my typical workflow. But I noticed that this time all of the integrity hashes have been changed from sha1 to sha512. What is happening here? "chalk": { "version": "2.0.1", …
Matt
108 votes, 10 answers

How do I fix a vulnerable npm package in my package-lock.json that isn't listed in the package.json?

GitHub is telling me that a dependency in my package-lock.json file is vulnerable and outdated. The problem is that if I do npm install or npm update, neither of them update the dependency in the package-lock.json file. I've done a lot of googling…
Raph117
94 votes, 3 answers

Deleting `package-lock.json` to Resolve Conflicts quickly

In a team setup, usually, I have faced merge conflicts in package-lock.json and my quick fix has always been to delete the file and regenerate it with npm install. I have not seriously thought about the implication of this fix because it has not…
John Mutuma
92 votes, 9 answers

Proper way to fix potential security vulnerability in a dependency defined in package-lock.json

GitHub has given me this error on one of my repositories. We found a potential security vulnerability in one of your dependencies. A dependency defined in ./package-lock.json has known security vulnerabilities and should be updated. The dependency…
Kaito
59 votes, 5 answers

npm install not creating a new package-lock.json

I accidentally deleted my package-lock.json file. npm install is not generating a new one. How do I get npm to recreate this file?
Dblock247
51 votes, 2 answers

Is there any way to fix package-lock.json lockfileVersion so npm uses a specific format?

If two different developers are using different versions of node (12/15) & npm (6/7) in a project that was originally created using a package-lock.json "lockfileVersion": 1, when the developer using npm 7x installs new packages it seems that the…
Ben
41 votes, 4 answers

Create package.json from package-lock.json

I downloaded a theme and it has a package-lock.json file but no package.json file. Is there a way I can generate the package.json from the package-lock.json file? How do I install the node modules with just the package-lock.json file? Is there a way…
Sandeep kurien
37 votes, 2 answers

Package-lock.json - requires vs dependencies

In package-lock.json in dependency object, I have both requires and dependencies fields, e.g. "requires": { "@angular-devkit/core": "0.8.5", "rxjs": "6.2.2", "tree-kill": "1.2.0", "webpack-sources": "1.3.0" }, "dependencies": { …
Krzysztof Grzybek
28 votes, 3 answers

What is the point of putting npm's "package-lock.json" under version control?

What is the point of putting npm's package-lock.json under version control? In my experience having this file source controlled has caused more trouble and confusion than efficiency gains. Having package-lock.json under source control makes for a…
Cumulo Nimbus
27 votes, 1 answer

Should package-lock.json also be published?

npm 5 introduced package-lock.json, of which the documentation is here. It states that the file is intended to be included with version control, so anyone cloning your package and installing it will have the same dependency versions. In other words,…
wybe