[英]Why does package-lock.json have different listed dependencies to package.json?
I installed eslint and noticed that it initialized a package-lock.json file and installed a bunch of modules in my node_module folder that I didn't request.我安装了 eslint 并注意到它初始化了一个 package-lock.json 文件并在我的 node_module 文件夹中安装了一堆我没有请求的模块。 I'm not sure why.我不确定为什么。
More importantly, theres discrepancies between my package.json and package-lock.json listed dependencies.更重要的是,我的 package.json 和 package-lock.json 列出的依赖项之间存在差异。 My understanding was that package.json listed my installed dependencies with their semver and package-lock ensured that the exact version i was using is also used by anyone else installing the modules.我的理解是 package.json 列出了我安装的依赖项及其 semver 和 package-lock 确保我使用的确切版本也被安装模块的其他人使用。
So my questions are:所以我的问题是:
Thanks谢谢
The dependencies listed on package.json
are the ones you install by using npm install
. package.json
上列出的依赖项是您使用npm install
安装的依赖项。
When you run npm install eslint
, npm will add a line in dependencies
with eslint and the installed version.当您运行npm install eslint
时,npm 将在 eslint 和已安装版本的dependencies
项中添加一行。
"dependencies": {
"eslint": "^7.5.0"
}
The package-lock.json
file contains all dependencies - the ones you installed and the ones required by the other packages. package-lock.json
文件包含所有依赖项 - 您安装的依赖项和其他包所需的依赖项。 For example, eslint
has 36 Dependencies (check the Dependencies tab).例如, eslint
有36 个依赖项(查看 Dependencies 选项卡)。
To install a specific version of eslint you should do npm install eslint@7.5.0
.要安装特定版本的 eslint,您应该执行npm install eslint@7.5.0
。 The package.json
file will now reference that specific version: package.json
文件现在将引用该特定版本:
"dependencies": {
"eslint": "7.5.0"
}
Note that the ^ symbol is not showing.请注意, ^符号未显示。 This symbol means compatible with version and follows semver.此符号表示与版本兼容并遵循 semver。 You can check other options here .您可以在此处检查其他选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.