简体繁体 English

角度应用程序中需要 package.json 和 package-lock.json 文件

[英]Need for both package.json, package-lock.json files in an angular application

原文 2019-02-25 10:09:11 8 3 node.js/ angular/ angular-cli/ package.json

Im new in angular.我是新的角度。 When I got sample angular app installed using angular-cli, I saw package.json and package-lock.json files defined.当我使用 angular-cli 安装示例 angular 应用程序时，我看到定义了 package.json 和 package-lock.json 文件。 Among these files, package-lock.json files has exact dependencies defined and package.json has other major facts like author, description, keywords etc. I found this related link as useful.在这些文件中，package-lock.json 文件定义了精确的依赖关系，package.json 有其他主要事实，如作者、描述、关键字等。我发现这个相关链接很有用。

My doubt is why data detailed in package-lock.json be also included in package.json file so that there is no need of two separate package json files.我的疑问是为什么 package-lock.json 中详述的数据也包含在 package.json 文件中，这样就不需要两个单独的包 json 文件了。 Two files with similar data to an extend can be confusing especially for a beginner, right?两个具有相似数据扩展的文件可能会令人困惑，尤其是对于初学者来说，对吧？

3 个解决方案

Additional read up: 其他阅读：

Everything You Wanted To Know About package-lock.json But Were Too Afraid To Ask 您想知道的关于package-lock.json的所有信息，但都不敢问

https://github.com/npm/npm/pull/17508 https://github.com/npm/npm/pull/17508

Package-lock is a large list of each dependency listed in your package.json, the specific version that should be installed, the location of the module (URI), a hash that verifies the integrity of the module, the list of packages it requires, and a list of dependencies. Package-lock是package.json中列出的每个依赖项的大列表，应安装的特定版本，模块（URI）的位置，验证模块完整性的哈希，所需的软件包列表，以及依赖项列表。

Because the package-lock specifies a version, location and integrity hash for every module and each of its dependencies, the install it creates will be the same, every single time. 因为软件包锁为每个模块及其每个依赖项指定了版本，位置和完整性哈希，所以每次创建的安装都相同。 It won't matter what device you are on, or when in the future you install, it should give you the same result every time, which is very useful. 无论您使用什么设备，或将来安装什么设备，都应该每次都能获得相同的结果，这非常有用。

Package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. 对于npm修改node_modules树或package.json的任何操作，将自动生成 package-lock.json。 It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates. 它描述了生成的确切树，因此无论中间依赖项更新如何，后续安装都可以生成相同的树。

For more info refer below link. 有关更多信息，请参见下面的链接。

"package-lock.json" role “ package-lock.json”角色

https://docs.npmjs.com/cli/v7/configuring-npm/package-json https://docs.npmjs.com/cli/v7/configuring-npm/package-json

package.json is a JSON file that lives in the root directory of your project. package.json是一个位于项目根目录中的 JSON 文件。 Your package.json holds important information about the project.您的 package.json 包含有关项目的重要信息。 It contains human-readable metadata about the project (like the project name and description) as well as functional metadata like the package version number and a list of dependencies required by the application.它包含有关项目的人类可读元数据（如项目名称和描述）以及功能元数据，如包版本号和应用程序所需的依赖项列表。

https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. package-lock.json会为任何 npm 修改 node_modules 树或 package.json 的操作自动生成。 It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.它描述了生成的确切树，以便后续安装能够生成相同的树，而不管中间依赖项更新如何。

This file is intended to be committed into source repositories, and serves various purposes:此文件旨在提交到源存储库中，并用于多种目的：

Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to描述依赖树的单一表示，以便保证团队成员、部署和持续集成

Install exactly the same dependencies.安装完全相同的依赖项。 Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.为用户提供一种“时间旅行”到 node_modules 以前状态的工具，而无需提交目录本身。

Facilitate greater visibility of tree changes through readable source control diffs.通过可读的源代码控制差异提高树更改的可见性。

Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.通过允许 npm 跳过先前安装的包的重复元数据解析来优化安装过程。

As of npm v7, lockfiles include enough information to gain a complete picture of the package tree, reducing the need to read package.json files, and allowing for significant performance improvements.从 npm v7 开始，锁文件包含足够的信息来获得包树的完整图片，减少读取 package.json 文件的需要，并允许显着的性能改进。