为什么“npm install git repo url"会重写package-lock.json? [英] Why does “npm install git repo url” rewrite package-lock.json?

问题描述

我正在公共 GitHub 中运行 npm install repo 并且它在 package-lock.json 文件中锁定了 4.17.0 的 express，这是 package-lock 的正确行为.json 文件.

I am running the npm install in a public GitHub repo and it has locked the express at 4.17.0 in package-lock.json file which is the correct behavior of package-lock.json file.

但是，当我在一个空文件夹中执行 npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git 然后一个 package-lock.json使用新版本的 express 创建的文件锁定在 4.17.1.我知道源 package.json 但为什么源 package-lock.json 这次被忽略了?

However, when I execute npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git in an empty folder then a package-lock.json file created with the new version of express locked at 4.17.1. I know there is a caret ^ sign in the source package.json but why the source package-lock.json is ignored this time?

我的问题是，当我在服务器上执行 npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git 时，它应该创建一个 <代码>package-lock.json 文件与 express 锁定在 4.17.0 而不是 4.17.1 因为源 package-lock.json 文件在repo 有在 4.17.0 锁定快递.

My problem here is that when I execute npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git on the server it should create a package-lock.json file with express locked at 4.17.0 not with the 4.17.1 because the source package-lock.json file on the repo has locked the express on 4.17.0.

有什么办法可以做到这一点，即 npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git 会考虑源 package-lock.json 文件，不应忽略它?

Is there any way I can achieve this i.e npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git will consider the source package-lock.json file and should not ignore it?

我正在使用以下版本:

npm 版本:5.4.1

节点版本:8.9.3

npm config 获取注册表打印:https://registry.npmjs.org/

操作系统:Ubuntu 18.04

旁注:我也尝试过 npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git 以及以下内容，但问题是相同的，即它在 <代码>4.17.1

Side note: I have tried npm install git+https://github.com/nabeel-nazir confiz/package.lock.master.git with followings as well but the issue was same i.e. it locked the express at 4.17.1

npm 版本:6.14.4

节点版本:13.12.0

npm config 获取注册表打印:https://registry.npmjs.org/

操作系统:Ubuntu 18.04

如果需要提供有关此问题的更多信息，请发表评论.

Please comment If there is a need to provide more information on this question.

谢谢.

推荐答案

去掉胡萝卜 ^ 符号.然后它将保持锁定在 4.17.0.

Remove the carrot ^ sign. Then it'll stay locked at 4.17.0.

这篇关于为什么“npm install git repo url"会重写package-lock.json?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！