stackoom
  简体   繁体   中英

Workflow with package-lock.json

 原文  2017-07-11 16:13:41       javascript/ npm/ workflow

Question

Ok so I have an npm project at my work that a bunch of us are working on. It has dependencies on 'lodash' and 'jquery'.

I do an >npm install , and it pulls down my deps. Then I bundle it.

That creates a 'package-lock.json' on my system.

Now another developer adds a new dependency on 'moment'.

He does a >npm install -S moment .

That adds it to his package.json, and he checks that in. We don't check in the package-lock.json.

Now I do a ' git pull ' and get the new package.json.

Now I do >npm install , BUT because I have my own package-lock.json, it doesnt install 'moment' for me. So now I have to: 

>rm package-lock.json
>npm install

And now I have 'moment'. Seems like this package-lock.json isn't really helping my workflow. Could I get an explanation of how this should work for developers on a day-to-day basis, if we are all developing on a common npm module?

1 answers

solution1
 0  2018-02-06 22:17:17

First, according to npm documentation :

This file is intended to be committed into source repositories

so you should commit your initial package-lock.json after you've done npm install .

Another developer pulls your changes, including the lockfile.

Then he does npm -S moment , which makes updates to both package.json and package-lock.json . The developer pushes a commit with these changes.

Now you pull his changes and do npm install . It should install moment for you . Furthermore, you both should now have exactly the same version of moment and it's dependencies installed - even if between his and your installs minor version of some dependency was incremented.

Merge conflicts

It all gets messy when both of you have installed new dependencies in parallel and then have a conflict on package-lock.json . This may be a huge file and quite a pain to merge manually. I haven't seen documented any official way of dealing with it. There is even an open issue in npm repo to provide solution to resolving conflicts.

One user shares his workaround workflow in the issue thread there, which basically means: override your local changes with package.json and package-lock.json pulled from master, then apply all your npm install -S and npm remove -S commands again. This seems to be a reasonable solution until the issue is resolved by npm.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mitigate the diff noice by package-lock.json Package-lock.json - requires vs dependencies Prevent building package-lock.json frequently generate package-lock.json programmatically Ignoring certain packages in package-lock.json Get Libraries from package-lock.json Fix a vulnerable dependency in package-lock.json Renovate: package.json and package-lock.json not in sync Bumping package-lock.json and packge.lock at the same time? Reinstall package from package-lock.json file
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM