[英]Difference between `npm update` and `remove package-lock.json` plus `npm install`?
What is essential difference between these commands, except that npm update modify package.json?这些命令之间有什么本质区别,除了npm 更新修改 package.json?
rm package-lock.json
npm install
npm update --dev
In package-lock.json
basically the indirect dependencies are locked.在
package-lock.json
基本上间接依赖被锁定。 The indirect dependencies mean those dependencies, that are not specified in the package.json
of your project but they are the dependencies of your dependencies.间接依赖是指那些未在项目的
package.json
中指定的依赖,但它们是您的依赖的依赖。
When npm update --dev
is called some dependencies are updated in the package.json
.当
npm update --dev
被调用时,一些依赖项在package.json
中更新。 After the entries are updated an install is called, this install updates in package-lock.json
those thirdparties that are in connection with the modified ones in the package.json
.更新条目后调用安装,此安装更新
package-lock.json
与package.json
中修改的第三方相关的那些第三方。 This means that both the direct and indirect dependencies are updated in the package-lock.json
.这意味着直接和间接依赖都在
package-lock.json
中更新。 But only for those, that were modified in package.json
.但仅适用于在
package.json
中修改的那些。 The thirdparties that remained the same in the package.json
won't be touched in the package-lock.json
.在
package.json
中保持不变的第三方将不会在package-lock.json
中被触及。 (Both direct and indirect dependencies of them remain the same.) (它们的直接和间接依赖关系保持不变。)
When rm package-lock.json
and npm install
is called, then the information is lost about the indirect dependencies with the removing of the package-lock.json
.当调用
rm package-lock.json
和npm install
时,会丢失有关删除package-lock.json
的间接依赖关系的信息。 As npm install
is called, a new package-lock.json
is generated and the indirect dependencies could be changed for all of your dependencies.当
npm install
被调用时,会生成一个新的package-lock.json
并且可以更改所有依赖项的间接依赖项。
Let's see an example for this.让我们看一个例子。
In package-lock.json
we have an indirect dependency the tslib: 1.9.0
.在
package-lock.json
,我们间接依赖tslib: 1.9.0
。
"tslib": {
"version": "1.9.0",
"resolved": "https://registry.npmjs.org/tslib/-/tslib-1.9.0.tgz",
"integrity": "sha512-f/qGG2tUkrISBlQZEjEqoZ3B2+npJjIf04H1wuAv9iA8i04Icp+61KRXxFdha22670NJopsZCIjhC3SnjPRKrQ=="
},
The tslib
is a dependency of all Angular modules, that are specified directly in the package.json
: tslib
是所有 Angular 模块的依赖项,这些模块直接在package.json
中指定:
"dependencies": {
"@angular/animations": "8.2.12",
"@angular/cdk": "~8.2.3",
"@angular/common": "8.2.12",
"@angular/compiler": "8.2.12",
"@angular/core": "8.2.12",
"@angular/flex-layout": "^8.0.0-beta.27",
"@angular/forms": "8.2.12",
"@angular/material": "^8.2.3",
"@angular/platform-browser": "8.2.12",
"@angular/platform-browser-dynamic": "8.2.12",
"@angular/platform-server": "8.2.12",
"@angular/router": "8.2.12",
"@nguniversal/module-map-ngfactory-loader": "8.1.1",
"aspnet-prerendering": "^3.0.1",
"bootstrap": "^4.3.1",
"core-js": "^2.6.5",
"hammerjs": "^2.0.8",
"jquery": "3.4.1",
"oidc-client": "^1.9.0",
"popper.js": "^1.14.3",
"rxjs": "^6.4.0",
"zone.js": "~0.9.1"
},
"devDependencies": {
"@angular-devkit/build-angular": "^0.800.6",
"@angular/cli": "8.3.18",
"@angular/compiler-cli": "8.2.12",
"@angular/language-service": "8.2.12",
"@types/jasmine": "~3.3.9",
"@types/jasminewd2": "~2.0.6",
"@types/node": "~11.10.5",
"codelyzer": "^5.0.1",
"jasmine-core": "~3.3.0",
"jasmine-spec-reporter": "~4.2.1",
"karma": "^4.0.0",
"karma-chrome-launcher": "~2.2.0",
"karma-coverage-istanbul-reporter": "~2.0.5",
"karma-jasmine": "~2.0.1",
"karma-jasmine-html-reporter": "^1.4.0",
"typescript": "3.4.5"
},
"optionalDependencies": {
"node-sass": "^4.9.3",
"protractor": "~5.4.0",
"ts-node": "~5.0.1",
"tslint": "~5.9.1"
}
If we call npm update --dev
, following changes are done:如果我们调用
npm update --dev
,将完成以下更改:
+ bootstrap@4.5.0
+ core-js@2.6.11
+ popper.js@1.16.1
+ karma-jasmine-html-reporter@1.5.4
+ karma-coverage-istanbul-reporter@2.0.6
+ codelyzer@5.2.2
+ karma@4.4.1
+ @types/jasmine@3.3.16
+ @types/jasminewd2@2.0.8
+ oidc-client@1.10.1
+ rxjs@6.5.5
We can see, that in the package.json
the Angular dependencies are not touched.我们可以看到,在
package.json
中,没有触及 Angular 依赖项。 It follows that the tslib
is also remained on version 1.9.0
in the package-lock.json
.因此
tslib
也保留在package-lock.json
中的1.9.0
版本上。
However if we remove the package-lock.json
, remove the node_modules
, do the above updates in the package.json
manually and call npm install
we can see in the newly generated package-lock.json
that the tslib
is also updated to 1.12.0
. However if we remove the
package-lock.json
, remove the node_modules
, do the above updates in the package.json
and call npm install
we can see in the newly generated package-lock.json
that the tslib
is also updated to 1.12.0
. (If we do not remove the node_modules
the same version could be put back in the package-lock.json
as previously.) (如果我们不删除
node_modules
相同的版本可以像以前一样放回package-lock.json
中。)
Conclusion结论
So the difference is, that in case of npm update --dev
only those direct and indirect dependencies are updated, which were in connection with the changed ones in the package.json
.所以不同的是,在
npm update --dev
的情况下,仅更新那些直接和间接依赖项,这些依赖项与package.json
中更改的依赖项有关。 But in case of rm package-lock.json
and npm install
all indirect dependencies can change.但是在
rm package-lock.json
和npm install
的情况下,所有间接依赖项都可以更改。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.