[英]How to update package-lock.json without doing npm install?
Question问题
What is the way to update/generate package-lock.json
without making a real installation of node_modules
(what npm install
does)?在不真正安装
node_modules
的情况下更新/生成package-lock.json
的方法是什么( npm install
是做什么的)?
I want just a valid package-lock.json
based on my package.json
, that's it.我只想要一个基于我的
package.json
的有效package-lock.json
,就是这样。
Motivation动机
You might use yarn
locally, when CI server uses npm
.当 CI 服务器使用
npm
时,您可能会在本地使用yarn
。 It's probably not the best practice, but still might ok as a temporary solution.这可能不是最佳实践,但仍然可以作为临时解决方案。
Bonus question : Same for yarn
.额外问题:
yarn
也是如此。 Is it possible to generate yarn-lock.json
without doing a real installation?是否可以在不进行实际安装的情况下生成
yarn-lock.json
?
As of npm 6.x, you can use the following command:从 npm 6.x 开始,您可以使用以下命令:
npm i --package-lock-only
Documentation ( https://docs.npmjs.com/cli/install.html ) says:文档( https://docs.npmjs.com/cli/install.html )说:
The
--package-lock-only
argument will only update thepackage-lock.json
, instead of checking node_modules and downloading dependencies.--package-lock-only
参数只会更新package-lock.json
,而不是检查 node_modules 和下载依赖项。
As of yarn 3.0.0, you can use the following command:从 yarn 3.0.0 开始,您可以使用以下命令:
yarn install --mode update-lockfile
Documentation ( https://yarnpkg.com/cli/install#options-mode%20%230 ) says:文档( https://yarnpkg.com/cli/install#options-mode%20%230 )说:
If the
--mode=<mode>
option is set, Yarn will change which artifacts are generated.如果设置了
--mode=<mode>
选项,Yarn 将更改生成的工件。
update-lockfile
will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums).update-lockfile
将完全跳过链接步骤,并且仅获取锁定文件中缺少的包(或没有关联的校验和)。 This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.这种模式通常由 Renovate 或 Dependabot 等工具使用,以保持锁定文件为最新,而不会产生全部安装成本。
As of Sep. 10, 2019: yarn doesn't seem to support generating a lock-file without installing the modules.截至 2019 年 9 月 10 日: yarn 似乎不支持在不安装模块的情况下生成锁定文件。 Relevant GitHub issue: https://github.com/yarnpkg/yarn/issues/5738相关 GitHub 问题: https ://github.com/yarnpkg/yarn/issues/5738
I don't have enough reputation to comment, so just add an answer :)我没有足够的声誉来发表评论,所以只需添加一个答案:)
In addition to Teh 's answer , for Yarn now you can:除了Teh的回答,对于 Yarn 现在你可以:
yarn install --mode update-lockfile
Documentation: https://yarnpkg.com/cli/install#options-mode%20%230文档: https ://yarnpkg.com/cli/install#options-mode%20%230
update-lockfile
will skip the link step altogether, and only fetch packages that are missing from the lockfile (or that have no associated checksums).update-lockfile
将完全跳过链接步骤,并且仅获取锁定文件中缺少的包(或没有关联的校验和)。 This mode is typically used by tools like Renovate or Dependabot to keep a lockfile up-to-date without incurring the full install cost.这种模式通常由 Renovate 或 Dependabot 等工具使用,以保持锁定文件为最新,而不会产生全部安装成本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.