有没有办法从package-lock.json中提取package.json? [英] Is there a way to extract package.json from package-lock.json?

问题描述

我正在处理一个缺少package.json文件的项目.开发人员已将package-lock.json文件推入而没有package.json文件.

I'm working on a project in which the package.json file is missing. The developer has pushed the package-lock.json file without the package.json file.

如果有可能，如何从package-lock.json文件创建一个干净的package.json?

How can I create a clean package.json from the package-lock.json file in case it is at all possible?

推荐答案

无法从package-lock.json生成完整的package.json，因为后者未包含所有必需的数据.它仅包含具有特定版本的依赖项列表，而没有原始存储库.生产和开发的依赖关系与嵌套的依赖关系混合在一起.

It's not possible to generate full package.json from package-lock.json because the latter doesn't contain all necessary data. It contains only a list of dependencies with specific versions without original semvers. Production and development dependencies are mixed up along with nested dependencies.

新鲜的package.json，然后通过以下类似方式增强这些依赖性:

Fresh package.json could be generated, then augmented with these dependencies with something like:

const fs = require('fs');
const packageLock = require('./package-lock.json');
const package = require('./package.json');

package.dependencies = Object.entries(packageLock.dependencies)
.reduce((deps, [dep, { version }]) => Object.assign(deps, { [dep]: version }), {});

fs.writeFileSync('./package-new.json', JSON.stringify(package, null, 2));

可以通过选中requires键来过滤嵌套的依赖关系，但这会影响项目自身的依赖关系.

Nested dependencies could be filtered out by checking requires key, but this can affect project's own dependencies.

这篇关于有没有办法从package-lock.json中提取package.json?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！