`npm update`和`remove package-lock.json`加上`npm install`之间的区别?
[英]Difference between `npm update` and `remove package-lock.json` plus `npm install`?
问题描述
What is essential difference between these commands, except that npm update modify package.json?
这些命令之间有什么本质区别,除了npm 更新修改 package.json?
rm package-lock.json
npm install
npm update --dev
1 个解决方案
解决方案1
7 已采纳 2020-05-12 20:47:07
In package-lock.json basically the indirect dependencies are locked.在package-lock.json基本上间接依赖被锁定。 The indirect dependencies mean those dependencies, that are not specified in the package.json of your project but they are the dependencies of your dependencies.间接依赖是指那些未在项目的package.json中指定的依赖,但它们是您的依赖的依赖。
When npm update --dev is called some dependencies are updated in the package.json .当npm update --dev被调用时,一些依赖项在package.json中更新。 After the entries are updated an install is called, this install updates in package-lock.json those thirdparties that are in connection with the modified ones in the package.json .更新条目后调用安装,此安装更新package-lock.json与package.json中修改的第三方相关的那些第三方。 This means that both the direct and indirect dependencies are updated in the package-lock.json .这意味着直接和间接依赖都在package-lock.json中更新。 But only for those, that were modified in package.json .但仅适用于在package.json中修改的那些。 The thirdparties that remained the same in the package.json won't be touched in the package-lock.json .在package.json中保持不变的第三方将不会在package-lock.json中被触及。 (Both direct and indirect dependencies of them remain the same.) (它们的直接和间接依赖关系保持不变。)
When rm package-lock.json and npm install is called, then the information is lost about the indirect dependencies with the removing of the package-lock.json .当调用rm package-lock.json和npm install时,会丢失有关删除package-lock.json的间接依赖关系的信息。 As npm install is called, a new package-lock.json is generated and the indirect dependencies could be changed for all of your dependencies.当npm install被调用时,会生成一个新的package-lock.json并且可以更改所有依赖项的间接依赖项。
Let's see an example for this.让我们看一个例子。
In package-lock.json we have an indirect dependency the tslib: 1.9.0 .在package-lock.json ,我们间接依赖tslib: 1.9.0 。
"tslib": {
"version": "1.9.0",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.9.0.tgz",
"integrity": "sha512-f/qGG2tUkrISBlQZEjEqoZ3B2+npJjIf04H1wuAv9iA8i04Icp+61KRXxFdha22670NJopsZCIjhC3SnjPRKrQ=="
},
The tslib is a dependency of all Angular modules, that are specified directly in the package.json : tslib是所有 Angular 模块的依赖项,这些模块直接在package.json中指定:
"dependencies": {
"@angular/animations": "8.2.12",
"@angular/cdk": "~8.2.3",
"@angular/common": "8.2.12",
"@angular/compiler": "8.2.12",
"@angular/core": "8.2.12",
"@angular/flex-layout": "^8.0.0-beta.27",
"@angular/forms": "8.2.12",
"@angular/material": "^8.2.3",
"@angular/platform-browser": "8.2.12",
"@angular/platform-browser-dynamic": "8.2.12",
"@angular/platform-server": "8.2.12",
"@angular/router": "8.2.12",
"@nguniversal/module-map-ngfactory-loader": "8.1.1",
"aspnet-prerendering": "^3.0.1",
"bootstrap": "^4.3.1",
"core-js": "^2.6.5",
"hammerjs": "^2.0.8",
"jquery": "3.4.1",
"oidc-client": "^1.9.0",
"popper.js": "^1.14.3",
"rxjs": "^6.4.0",
"zone.js": "~0.9.1"
},
"devDependencies": {
"@angular-devkit/build-angular": "^0.800.6",
"@angular/cli": "8.3.18",
"@angular/compiler-cli": "8.2.12",
"@angular/language-service": "8.2.12",
"@types/jasmine": "~3.3.9",
"@types/jasminewd2": "~2.0.6",
"@types/node": "~11.10.5",
"codelyzer": "^5.0.1",
"jasmine-core": "~3.3.0",
"jasmine-spec-reporter": "~4.2.1",
"karma": "^4.0.0",
"karma-chrome-launcher": "~2.2.0",
"karma-coverage-istanbul-reporter": "~2.0.5",
"karma-jasmine": "~2.0.1",
"karma-jasmine-html-reporter": "^1.4.0",
"typescript": "3.4.5"
},
"optionalDependencies": {
"node-sass": "^4.9.3",
"protractor": "~5.4.0",
"ts-node": "~5.0.1",
"tslint": "~5.9.1"
}
If we call npm update --dev , following changes are done:如果我们调用npm update --dev ,将完成以下更改:
+ bootstrap@4.5.0
+ core-js@2.6.11
+ popper.js@1.16.1
+ karma-jasmine-html-reporter@1.5.4
+ karma-coverage-istanbul-reporter@2.0.6
+ codelyzer@5.2.2
+ karma@4.4.1
+ @types/jasmine@3.3.16
+ @types/jasminewd2@2.0.8
+ oidc-client@1.10.1
+ rxjs@6.5.5
We can see, that in the package.json the Angular dependencies are not touched.我们可以看到,在package.json中,没有触及 Angular 依赖项。 It follows that the tslib is also remained on version 1.9.0 in the package-lock.json .因此tslib也保留在package-lock.json中的1.9.0版本上。
However if we remove the package-lock.json , remove the node_modules , do the above updates in the package.json manually and call npm install we can see in the newly generated package-lock.json that the tslib is also updated to 1.12.0 . However if we remove the package-lock.json , remove the node_modules , do the above updates in the package.json and call npm install we can see in the newly generated package-lock.json that the tslib is also updated to 1.12.0 . (If we do not remove the node_modules the same version could be put back in the package-lock.json as previously.) (如果我们不删除node_modules相同的版本可以像以前一样放回package-lock.json中。)
Conclusion结论
So the difference is, that in case of npm update --dev only those direct and indirect dependencies are updated, which were in connection with the changed ones in the package.json .所以不同的是,在npm update --dev的情况下,仅更新那些直接和间接依赖项,这些依赖项与package.json中更改的依赖项有关。 But in case of rm package-lock.json and npm install all indirect dependencies can change.但是在rm package-lock.json和npm install的情况下,所有间接依赖项都可以更改。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.