Prevent building package-lock.json frequently
I have a package.json file where I have dependencies fixed to a particular version:
I had run npm install a few days back and it generated the package-lock.json file.
In the package-lock.json file, I can see that the exact version of eslint, i.e. v8.23.1, is installed but the sub-dependencies have a caret sign meaning it'll install the latest major/minor versions, e.g. @eslint/eslintrc= "^1.3.2":
After pushing my code, when the Jenkins build runs, it fails saying:
This is because a new version of @eslint/eslintrc is available and my package-lock.json has a mapping of v1.3.2.
I have two options in mind:
1. Update package-lock.json every time a sub-dependency gets upgraded, but I'll have to do it quite frequently.
2. Lock dependencies using the overrides field in package.json, but this will also have to be updated frequently.
I want to freeze the dependencies (which I already did as seen in package.json) and also the sub-dependencies, until I decide to update them manually.
What should be done in this case?
My Node version is v16.15.0 and NPM version is v8.5.5.
The issue was with the node version. Earlier env.NODE_VERSION = '16 --lts' was being used. After setting it to v16.15.0, it worked fine. Thanks, @jonrsharpe :)
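How the lock file pins the sub-dependency discussed above, as an added example that is not code from the original post: in a lockfileVersion 2 package-lock.json, the caret string listed under eslint's dependencies is the declared range, while the version field of the node_modules/@eslint/eslintrc entry is the exact release that gets installed. The sample lock object, the placeholder integrity values and the function names resolveEntry and auditLock are constructed for illustration.

```javascript
// Constructed sample in the lockfileVersion 2 layout written by npm 7/8.
// Integrity values are placeholders, not real hashes.
const lock = {
  lockfileVersion: 2,
  packages: {
    "": { devDependencies: { eslint: "8.23.1" } },
    "node_modules/eslint": {
      version: "8.23.1",
      integrity: "sha512-PLACEHOLDER",
      dependencies: { "@eslint/eslintrc": "^1.3.2" },
    },
    "node_modules/@eslint/eslintrc": {
      version: "1.3.2",
      integrity: "sha512-PLACEHOLDER",
    },
  },
};

// Find the lock entry a dependency resolves to:
// nearest node_modules folder first, then each parent up to the root.
function resolveEntry(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const key = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[key]) return key;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Map every declared range (dependencies and root devDependencies only)
// to the exact version the lock pins, and collect entries that are not pinned.
function auditLock(lock) {
  const rows = [], problems = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path && !(entry.version && entry.integrity))
      problems.push(`${path}: missing exact version or integrity`);
    const declared = { ...entry.dependencies, ...entry.devDependencies };
    for (const [name, range] of Object.entries(declared)) {
      const key = resolveEntry(lock.packages, path, name);
      if (!key) problems.push(`${path || "<root>"}: ${name}@${range} has no locked entry`);
      else rows.push({ from: path || "<root>", name, range, locked: lock.packages[key].version });
    }
  }
  return { rows, problems };
}

const report = auditLock(lock);
console.log(report.rows, report.problems);
```

To audit a real project, pass the parsed contents of its package-lock.json to auditLock instead of the constructed object.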