Node.js v8.0後,自帶的npm也升級到了5.0,第一次使用的時候確實驚豔到了:原本重新安裝一次模塊要十幾秒到事情,現在一秒多就搞定了先不要激動,現在我來大概講一下npm 5的一些大的變化:
1,使用npm install xxx命令安裝模塊時,不再需要--save選項,會自動將模塊依賴信息保存到package.json文件;
2,安裝模塊操作(改變node_modules文件夾內容)會生成或更新package-lock.json文件
3,發佈的模塊不會包含package-lock.json文件
4,如果手動修改了package.json文件中已有模塊的版本,直接執行npm安裝不會安裝新指定的版本,只能通過npm install xxx @ yy更新
重新安裝模塊之所以快,是因爲package-lock.json文件中已經記錄了整個node_modules文件夾的樹狀結構,甚至連模塊的下載地址都記錄了,再重新安裝的時候只需要直接下載文件即可(這樣看起來facebook的紗好像沒有啥優勢了)以下是package-lock.json文件的例子:
{
"name": "topSdk",
"version": "0.0.1",
"lockfileVersion": 1,
"dependencies": {
"address": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/address/-/address-1.0.2.tgz",
"integrity": "sha1-SACB6CtYe6MZRZ/vUS9Rb+A9WK8="
},
"any-promise": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
"integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
},
"content-type": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
"integrity": "sha1-t9ETrueo3Se9IRM8TcJSnfFyHu0="
},
"debug": {
"version": "2.6.8",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
"integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw="
},
"default-user-agent": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/default-user-agent/-/default-user-agent-1.0.0.tgz",
"integrity": "sha1-FsRu/cq6PtxF8k8r1IaLAbfCrcY="
},
"digest-header": {
"version": "0.0.1",
"resolved": "https://registry.npmjs.org/digest-header/-/digest-header-0.0.1.tgz",
"integrity": "sha1-Ecz23uxXZqw3l0TZAcEsuklRS+Y="
},
"ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
},
"humanize-ms": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz",
"integrity": "sha1-xG4xWaKT9riW2ikxbYtv6Lt5u+0="
},
"iconv-lite": {
"version": "0.4.18",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.18.tgz",
"integrity": "sha512-sr1ZQph3UwHTR0XftSbK85OvBbxe/abLGzEnPENCQwmHf7sck8Oyu4ob3LgBxWWxRoM+QszeUyl7jbqapu2TqA=="
},
"minimist": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
"integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ="
},
"ms": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
},
"os-name": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/os-name/-/os-name-1.0.3.tgz",
"integrity": "sha1-GzefZINa98Wn9JizV8uVIVwVnt8="
},
"osx-release": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/osx-release/-/osx-release-1.1.0.tgz",
"integrity": "sha1-8heRGigTaUmvG/kwiyQeJzfTzWw="
},
"qs": {
"version": "6.4.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
"integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
},
"semver": {
"version": "5.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz",
"integrity": "sha1-myzl094C0XxgEq0yaqa00M9U+U8="
},
"statuses": {
"version": "1.3.1",
"resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
"integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
},
"urllib": {
"version": "2.22.0",
"resolved": "https://registry.npmjs.org/urllib/-/urllib-2.22.0.tgz",
"integrity": "sha1-KWXcSuEnpvtpW32yfTGE8X2Cy0I="
},
"utility": {
"version": "0.1.11",
"resolved": "https://registry.npmjs.org/utility/-/utility-0.1.11.tgz",
"integrity": "sha1-/eYM+bTkdRlHoM9dEEzik2ciZxU="
},
"win-release": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/win-release/-/win-release-1.1.1.tgz",
"integrity": "sha1-X6VeAr58qTTt/BJmVjLoSbcuUgk="
}
}
}
帶來速度的同時,npm也挖了個大大的坑:
以後直接改package.json文件相應模塊的版本號,再執行npm安裝不會更新了(好可怕),你只能手動用npm install xxx @ yy指定版本號來安裝,然後它會自動更新包鎖.json文件。直接執行npm install時,如果不存在package-lock.json文件,它會根據安裝模塊後的node_modules目錄結構來創建;如果已經存在package-lock.json文件,則它只會根據package- lock.json文件指定的結構來下載模塊,並不會理會package.json文件。
網上已經有很多人反應這個問題了:GitHub上的問題:package_lock.json文件在package.json文件更改後未更新
鏈接:https://github.com/npm/npm/issues/16866
文章:瞭解NPM中的鎖文件5
鏈接:HTTP://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html
這裏是 npm文檔關於package-locks的說明
鏈接:HTTPS://docs.npmjs.com/files/package-locks
目前還不知道關於package-lock.json的最佳實踐,果斷切換回Node v6.x,等別人把坑填了再上。