Package-lock.json - 需要 vs 依赖 [英] Package-lock.json - requires vs dependencies

问题描述

在依赖对象的 package-lock.json 中，我有 requires 和 dependencies 字段，例如

In package-lock.json in dependency object, I have both requires and dependencies fields, e.g

  "requires": {
    "@angular-devkit/core": "0.8.5",
    "rxjs": "6.2.2",
    "tree-kill": "1.2.0",
    "webpack-sources": "1.3.0"
  },
  "dependencies": {
    "rxjs": {
      "version": "6.2.2",
      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.2.2.tgz",
      "integrity": "sha512-0MI8+mkKAXZUF9vMrEoPnaoHkfzBPP4IGwUYRJhIRJF6/w3uByO1e91bEHn8zd43RdkTMKiooYKmwz7RH6zfOQ==",
      "dev": true,
      "requires": {
        "tslib": "1.9.3"
      }
    }
  }

这两者有什么区别?为什么有些依赖项列在 requires 中，另一些列在 dependencies 中，而其中一些列在这两个字段中?

What is the difference between these two? Why some dependencies are listed in requires, other in dependencies, and some of them in both of these fields?

推荐答案

默认情况下，npm 会直接在 node_modules 中安装所有包.

By default, npm installs all packages directly in node_modules.

然而，假设包 X 依赖于版本 1.0 中的包 Z 并且包 Y 依赖于同一个包 Z，但在 2.0 版中.在这种情况下，我们必须安装这个包的两个版本.一个安装在根node_modules文件夹，另一个安装在依赖包的node_modules文件夹，例如

However, let's say that package X is dependent on package Z in version 1.0 and package Y is dependent on the same package Z, but in version 2.0. In this case we have to install two versions of this package. One will be installed in root node_modules folder, and another one will be installed in node_modules folder of dependant package, e.g.

package.json
node_modules
    /X
    /Y
        /node_modules
            /Z@2.0
    /Z@1.0

同样可能，npm 可以构建一个不同的，但是 仍然正确，包树:

Equally likely, npm could build a different, but still correct, package tree:

package.json
node_modules
    /X
        /node_modules
            /Z@1.0
    /Y
    /Z@2.0

package-lock.json 文件不仅会尝试描述项目的依赖项，还会尝试描述此树结构.上面要构建的两棵树中的哪一个将在 JSON 中编码.

The package-lock.json file will attempt to describe not only the dependencies of your project, but this tree structure as well. Which of the two trees above to build will be encoded in the JSON.

有了这些知识，就很容易理解了:

With this knowledge, it's easy to understand:

需要"反映该依赖项的 package.json 文件中的依赖项，而 dependencies 反映该依赖项的 node_modules 文件夹中实际安装的依赖项.

"requires" reflects dependencies from package.json file of this dependency, while dependencies reflects actually installed dependencies in node_modules folder of this dependency.

这篇关于Package-lock.json - 需要 vs 依赖的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！