Using "npm ci" instead of "npm install" for deterministic project setup
Given a project where the `package-lock.json` is managed in source control with the goal that all developers on the team get exactly the same dependencies.
From the documentation of npm I think developers should use `npm ci` to set up their development environment and probably also later when dependencies are updated.
However, the instructions I see in typical npm projects are still to use `npm install`.
Is there a reason developers should use `npm install` instead of `npm ci`? Does `npm ci` have disadvantages in this scenario?
I understand that `npm ci` does delete the whole `node_modules` and therefore potentially re-download some dependencies that were already present.
But with `npm install` I regularly had the case that an `npm install` is actually changing the `package-lock.json` (see links below), which is definitely not what is expected in a traditional project setup, where the main goal is that all developers get the same environment.
Therefore I would like to recommend using `npm ci`.
Examples of "unexpected" behavior of `npm install`:
There isn't a reason to use `npm ci` instead of `npm i` when building a repo locally or updating dependencies (because it uses the npm cache, it's roughly the same speed as `npm i`), but there are the following situations where `npm i` might be preferred:
- … made manual changes to the versions in `package.json` and want them to trump the versions in `package-lock.json`.
You should use `npm ci` (clean install) whenever you want a reproducible environment. You are right: the dev team should use it most of the time.
Use `npm install` only when they modify the packages or are ready to upgrade dependencies (one of them does it and fixes conflicts; after the commit of `package.json` AND `package-lock.json`, the others keep doing `npm ci`).
Please, see my answer explaining the uses of each tool.
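The drift discussed in the question and answers above (a hand-edited `package.json` that no longer matches the committed `package-lock.json`) can be checked without installing anything. The following is an added example, not code from the question, the answers, or npm; it is a simplified heuristic rather than npm's own validation, and `findLockDrift` and the sample manifests are hypothetical names and constructed data.

```javascript
// Added example (not npm's code). Sample manifests below are constructed.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// lockfileVersion 2/3 keeps a copy of the root package.json ranges under
// packages[""]. A hand-edited package.json makes that copy stale.
function findLockDrift(pkg, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[""];
  if (!root) return ['lockfile has no packages[""] entry (lockfileVersion 1?)'];

  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    const names = new Set([...Object.keys(declared), ...Object.keys(locked)]);
    for (const name of names) {
      if (declared[name] !== locked[name]) {
        problems.push(`${field}.${name}: package.json=${declared[name]} lock=${locked[name]}`);
      }
    }
  }
  // Every installed registry package should pin a tarball URL and a hash.
  for (const [path, entry] of Object.entries(packages)) {
    if (!path.includes("node_modules/")) continue; // root project, workspace folders
    if (entry.link || entry.inBundle) continue;     // symlinks, bundled deps
    if (!entry.resolved || !entry.integrity) {
      problems.push(`${path}: missing resolved/integrity`);
    }
  }
  return problems;
}

// Constructed input: the range was hand-edited from ^1.2.0 to ^2.0.0 in
// package.json, and the locked entry carries no integrity hash.
const samplePkg = {
  name: "demo", version: "1.0.0",
  dependencies: { "example-lib": "^2.0.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0", dependencies: { "example-lib": "^1.2.0" } },
    "node_modules/example-lib": {
      version: "1.2.3",
      resolved: "https://registry.example.invalid/example-lib-1.2.3.tgz",
    },
  },
};
console.log(findLockDrift(samplePkg, sampleLock));
```

An empty result means the two files agree on the declared ranges; running `git diff --exit-code package-lock.json` after an install is the complementary check for a lockfile that `npm install` rewrote.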