問題:
After updating my NPM to the latest version (from 3.X to 5.2.0) and running npm install on an existing project, I get an auto-created package-lock.json file.將我的 NPM 更新到最新版本(從 3.X 到 5.2.0)並在現有項目上運行npm install ,我得到一個自動創建的package-lock.json文件。
I can tell package-lock.json gives me an exact dependency tree as opposed to package.json .我可以告訴package-lock.json給了我一個確切的依賴樹,而不是package.json 。
From that info alone, it seems like package.json is redundant and not needed anymore.僅從這些信息來看, package.json似乎是多餘的,不再需要了。
Are both of them necessary for NPM to work?它們都是 NPM 工作所必需的嗎?
Is it safe or possible to use only the package-lock.json file?僅使用package-lock.json文件是否安全或可以?
The docs on package-lock.json ( doc1 , doc2 ) doesn't mention anything about that. package-lock.json ( doc1 , doc2 ) 上的文檔沒有提及任何相關內容。
Edit :編輯:
After some more thinking about it, I came to the conclusion that if someone wants to use your project with an older version of NPM (before 5.x) it would still install all of the dependencies, but with less accurate versions (patch versions)經過更多思考,我得出的結論是,如果有人想將您的項目與舊版本的 NPM(5.x 之前)一起使用,它仍然會安裝所有依賴項,但版本不太準確(補丁版本)
解決方案:
參考一: https://en.stackoom.com/question/332DY參考二: https://stackoom.com/question/332DY