Do I commit the package-lock.json file created by npm 5?


Problem description

npm 5 was released today and one of the new features includes deterministic installs with the creation of a package-lock.json file.

Is this file supposed to be kept in source control?

I'm assuming it's similar to yarn.lock and composer.lock, both of which are supposed to be kept in source control.

Solution

Yes, package-lock.json is intended to be checked into source control. If you're using npm 5, you may see this on the command line: created a lockfile as package-lock.json. You should commit this file. According to npm help package-lock.json:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This file is intended to be committed into source repositories, and serves various purposes:

  • Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

  • Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.

  • To facilitate greater visibility of tree changes through readable source control diffs.

  • And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

One key detail about package-lock.json is that it cannot be published, and it will be ignored if found in any place other than the toplevel package. It shares a format with npm-shrinkwrap.json(5), which is essentially the same file, but allows publication. This is not recommended unless deploying a CLI tool or otherwise using the publication process for producing production packages.

If both package-lock.json and npm-shrinkwrap.json are present in the root of a package, package-lock.json will be completely ignored.
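
The rules quoted in the answer can be checked mechanically in CI. The following is an added example, not part of the original answer or of npm itself: it audits a list of tracked paths (such as the output of `git ls-files`) for a missing lockfile, a package-lock.json shadowed by npm-shrinkwrap.json, and lockfiles that npm ignores because they are not in the toplevel package. The function name, the issue labels and the sample paths are assumptions, as is treating every tracked package.json outside node_modules as a toplevel package.

```javascript
// Added example: audit tracked paths against the lockfile rules quoted above.
// Hypothetical helper names; the input is a plain list of repo-relative paths.
const dirOf = (f) => (f.includes('/') ? f.slice(0, f.lastIndexOf('/')) : '.');
const baseOf = (f) => f.slice(f.lastIndexOf('/') + 1);
const inDir = (dir, name) => (dir === '.' ? name : `${dir}/${name}`);

function auditLockfiles(trackedFiles) {
  const files = new Set(trackedFiles);
  const findings = [];
  for (const file of files) {
    const dir = dirOf(file);
    const base = baseOf(file);
    const inDependency = file.split('/').includes('node_modules');

    // A lockfile inside a dependency is not the toplevel package's lockfile,
    // so npm ignores it and it pins nothing.
    if (base === 'package-lock.json' && inDependency) {
      findings.push({ dir, issue: 'lock-ignored-not-toplevel' });
      continue;
    }
    // Only package.json files outside node_modules mark a toplevel package
    // (assumption of this example).
    if (base !== 'package.json' || inDependency) continue;

    const lock = files.has(inDir(dir, 'package-lock.json'));
    const shrinkwrap = files.has(inDir(dir, 'npm-shrinkwrap.json'));
    if (!lock && !shrinkwrap) {
      // Nothing committed: installs are not reproducible across machines.
      findings.push({ dir, issue: 'no-lockfile-committed' });
    } else if (lock && shrinkwrap) {
      // Both present: package-lock.json is completely ignored.
      findings.push({ dir, issue: 'lock-shadowed-by-shrinkwrap' });
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real repository.
const sampleTracked = [
  'package.json',
  'package-lock.json',
  'npm-shrinkwrap.json',
  'tools/cli/package.json',
  'vendor/node_modules/left/package.json',
  'vendor/node_modules/left/package-lock.json',
];

console.log(auditLockfiles(sampleTracked));
```

In a pipeline, feed the function the tracked file list and fail the build when the returned array is non-empty.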
