What is the difference between npm-shrinkwrap.json and package-lock.json?
Question
With the release of npm@5, it will now write a package-lock.json unless an npm-shrinkwrap.json already exists.
I installed npm@5 globally via:
npm install npm@5 -g
And now, if an npm-shrinkwrap.json is found during:
npm install
a warning will be printed:
npm WARN read-shrinkwrap This version of npm
is compatible with lockfileVersion@1,
but npm-shrinkwrap.json was generated for lockfileVersion@0.
I'll try to do my best with it!
So my take-away is that I should replace the shrinkwrap with the package-lock.json.
Yet why is there a new format for it? What can the package-lock.json do that the npm-shrinkwrap.json cannot?
Recommended answer
The files have exactly the same content, but there are a handful of differences in how npm handles them, most of which are noted on the docs pages for package-lock.json and npm-shrinkwrap.json:
- package-lock.json is never published to npm, whereas npm-shrinkwrap is by default
- package-lock.json files that are not in the top-level package are ignored, but shrinkwrap files belonging to dependencies are respected
- npm-shrinkwrap.json is backwards-compatible with npm versions 2, 3, and 4, whereas package-lock.json is only recognized by npm 5+
You can convert an existing package-lock.json to an npm-shrinkwrap.json by running npm shrinkwrap.
Thus:
If you are not publishing your package to npm, the choice between these two files is of little consequence. You may wish to use package-lock.json because it is the default and its name is clearer to npm beginners; alternatively, you may wish to use npm-shrinkwrap.json for backwards compatibility with npm 2-4 if it is difficult for you to ensure everyone on your development team is on npm 5+. (Note that npm 5 was released on 25th May 2017; backwards compatibility will become less and less important the further we get from that date, as most people will eventually upgrade.)
If you are publishing your package to npm, you have a choice between:
- using a package-lock.json to record exactly which versions of dependencies you installed, but allowing people installing your package to use any version of the dependencies that is compatible with the version ranges dictated by your package.json, or
- using an npm-shrinkwrap.json to guarantee that everyone who installs your package gets exactly the same version of all dependencies
The official view described in the docs is that option 1 should be used for libraries (presumably in order to reduce the amount of package duplication caused when lots of a package's dependencies all depend on slightly different versions of the same secondary dependency), but that option 2 might be reasonable for executables that are going to be installed globally.
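
The handling rules listed in the answer above, modelled as an added example (not part of the original answer and not npm's own code). The function name `effectiveLockfile`, its options and the sample objects are hypothetical; it assumes a file with no lockfileVersion field counts as version 0, and it relies on npm's documented behaviour that the shrinkwrap takes precedence when both files exist.

```javascript
'use strict';
// `files` maps a lock-file name to its parsed JSON content.
// npmMajor is the major version of the npm that runs the install;
// isTopLevel is false when the files sit inside an installed dependency.
function effectiveLockfile(files, { npmMajor, isTopLevel }) {
  const hasShrinkwrap = 'npm-shrinkwrap.json' in files;
  const hasPackageLock = 'package-lock.json' in files;
  const notes = [];
  let used = null;

  if (hasShrinkwrap) {
    // Honored by npm 2+ and also when it belongs to a dependency.
    used = 'npm-shrinkwrap.json';
    if (hasPackageLock) notes.push('package-lock.json is ignored because a shrinkwrap exists');
  } else if (hasPackageLock) {
    if (npmMajor < 5) notes.push('package-lock.json is not recognized before npm 5');
    else if (!isTopLevel) notes.push('package-lock.json outside the top-level package is ignored');
    else used = 'package-lock.json';
  }

  // Assumption: a missing lockfileVersion field means version 0, as in the
  // "generated for lockfileVersion@0" warning quoted in the question.
  if (used && npmMajor >= 5) {
    const version = files[used].lockfileVersion || 0;
    if (version < 1) notes.push(`${used} predates lockfileVersion 1; regenerate it with npm 5+`);
  }

  return {
    used,
    // Only the shrinkwrap is published by default, so only it fixes the
    // dependency versions that people installing the package receive.
    pinsConsumers: hasShrinkwrap,
    notes,
  };
}

// Constructed sample inputs (not real project files).
const legacyShrinkwrap = { name: 'demo-cli', version: '1.0.0', dependencies: {} };
const npm5Lock = { name: 'demo-lib', version: '1.0.0', lockfileVersion: 1, dependencies: {} };

console.log(effectiveLockfile({ 'npm-shrinkwrap.json': legacyShrinkwrap }, { npmMajor: 5, isTopLevel: true }));
console.log(effectiveLockfile({ 'package-lock.json': npm5Lock }, { npmMajor: 5, isTopLevel: false }));
```

For a published package, `pinsConsumers` is the field to review: when it is true, every transitive version in the file is imposed on installers, so a stale shrinkwrap keeps shipping outdated dependencies until it is regenerated.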