我是否需要package-lock.json和package.json? [英] Do I need both package-lock.json and package.json?

问题描述

将NPM更新到最新版本(从3.X到5.2.0)并在现有项目上运行npm install之后，我得到了一个自动创建的package-lock.json文件.

After updating my NPM to the latest version (from 3.X to 5.2.0) and running npm install on an existing project, I get an auto-created package-lock.json file.

我可以说package-lock.json给了我一个确切的依赖树，而不是package.json.

I can tell package-lock.json gives me an exact dependency tree as opposed to package.json.

仅从该信息来看，package.json似乎是多余的，不再需要.

From that info alone, it seems like package.json is redundant and not needed anymore.

要使NPM正常工作，这两个条件都是必需的吗?
仅使用package-lock.json文件是否安全?

Are both of them necessary for NPM to work?
Is it safe or possible to use only the package-lock.json file?

package-lock.json( doc1 ， doc2 )未提及任何内容.

The docs on package-lock.json (doc1, doc2) doesn't mention anything about that.

修改:

经过更多思考，我得出的结论是，如果有人想将您的项目与NPM的较旧版本(5.x之前的版本)一起使用，它将仍然安装所有依赖项，但版本不那么精确(补丁版本)

After some more thinking about it, I came to the conclusion that if someone wants to use your project with an older version of NPM (before 5.x) it would still install all of the dependencies, but with less accurate versions (patch versions)

推荐答案

是否同时需要package-lock.json和package.json? 否.

您需要package.json吗? 是.

您可以有一个仅包含package-lock.json的项目吗? 否.

Can you have a project with only the package-lock.json? No.

package.json不仅用于依赖项-例如定义项目属性，描述，作者&许可证信息，脚本等.package-lock.json仅用于将依赖项锁定到特定的版本号.

The package.json is used for more than dependencies - like defining project properties, description, author & license information, scripts, etc. The package-lock.json is solely used to lock dependencies to a specific version number.

这篇关于我是否需要package-lock.json和package.json?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！