堆栈内存溢出
  简体   繁体   English

为什么 package-lock.json 与 package.json 有不同的列出的依赖关系?

[英]Why does package-lock.json have different listed dependencies to package.json?

 原文  2020-07-29 12:06:05       javascript/ json/ package/ eslint/ package-lock.json

问题描述

I installed eslint and noticed that it initialized a package-lock.json file and installed a bunch of modules in my node_module folder that I didn't request.我安装了 eslint 并注意到它初始化了一个 package-lock.json 文件并在我的 node_module 文件夹中安装了一堆我没有请求的模块。 I'm not sure why.我不确定为什么。

More importantly, theres discrepancies between my package.json and package-lock.json listed dependencies.更重要的是,我的 package.json 和 package-lock.json 列出的依赖项之间存在差异。 My understanding was that package.json listed my installed dependencies with their semver and package-lock ensured that the exact version i was using is also used by anyone else installing the modules.我的理解是 package.json 列出了我安装的依赖项及其 semver 和 package-lock 确保我使用的确切版本也被安装模块的其他人使用。

So my questions are:所以我的问题是:

  1. Why are there discrepancies ad shouldn't they have mirror listed dependecies?为什么会有差异广告他们不应该有镜像列出的依赖项?
  2. Which.json will install dependencies upon request and why? Which.json 将根据请求安装依赖项,为什么?
  3. Why were these installed in the first place from eslint?为什么首先从 eslint 安装这些?

Thanks谢谢

1 个解决方案

解决方案1
 4 已采纳  2020-07-29 12:35:50

The dependencies listed on package.json are the ones you install by using npm install . package.json上列出的依赖项是您使用npm install安装的依赖项。

When you run npm install eslint , npm will add a line in dependencies with eslint and the installed version.当您运行npm install eslint时,npm 将在 eslint 和已安装版本的dependencies项中添加一行。

"dependencies": {
    "eslint": "^7.5.0"
}

The package-lock.json file contains all dependencies - the ones you installed and the ones required by the other packages. package-lock.json文件包含所有依赖项 - 您安装的依赖项和其他包所需的依赖项。 For example, eslint has 36 Dependencies (check the Dependencies tab).例如, eslint36 个依赖项(查看 Dependencies 选项卡)。

To install a specific version of eslint you should do npm install eslint@7.5.0 .要安装特定版本的 eslint,您应该执行npm install eslint@7.5.0 The package.json file will now reference that specific version: package.json文件现在将引用该特定版本:

"dependencies": {
    "eslint": "7.5.0"
}

Note that the ^ symbol is not showing.请注意, ^符号未显示。 This symbol means compatible with version and follows semver.此符号表示与版本兼容并遵循 semver。 You can check other options here .您可以在此处检查其他选项。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 更新:package.json 和 package-lock.json 不同步 - Renovate: package.json and package-lock.json not in sync Package-lock.json - 需要 vs 依赖 - Package-lock.json - requires vs dependencies Webpack 供应商 JS 包 (Vue CLI) 包含未在依赖项或 package-lock.json 中列出的代码? - Webpack vendors JS bundle (Vue CLI) includes code not listed in dependencies or package-lock.json? package-lock.json 从 package.Z466DEEC76ECDF324FCA6D385D8Z 删除 package 后未更新 - package-lock.json not updated after removing a package from package.json? 使用package-lock.json的工作流程 - Workflow with package-lock.json 如果package-lock.json锁定它,那么在package.json中声明的“兼容版本”(^版本)有什么意义呢? - What's the point of having a “compatible version” (^version) declared in package.json if package-lock.json locks it? npm从package-lock.json文件中创建一个package.json文件? - npm to create a package.json file out of the package-lock.json file? npm 不安装 package.json 依赖项 - npm does not install the package.json dependencies 忽略package-lock.json中的某些软件包 - Ignoring certain packages in package-lock.json 从package-lock.json获取库 - Get Libraries from package-lock.json
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM