after clone: npm install produces different package-lock file
Question
I'm using npm 5.6.0 and node v6.9.5 on OSX El Capitan 10.11.6.
Scenario : I have a nodejs project where a package-lock.json is created after every npm install as expected. The project, including the package-lock.json , is checked into a repository and afterwards cloned into a different location (same machine, same OS, same npm & node versions).
Problem : However, this time when starting npm install, the package-lock.json is different in terms of order of dependencies.
Background : Now this normally wouldn't be a problem but I need to calculate a checksum over all of the files on the git pre-commit hook to signal in the app, that the project has not been changed when it is cloned from the repository and would like to include package-lock.json into that checksum.
Therefore:
working folder: -> npm install -> package-lock.json -> checksum -> ABCD1234 -> commit & push cloned folder: clone -> npm install -> package-lock.json -> checksum -> 9876EFGH
and the only difference (using filemerge tool on OS X) is the different order of one single dependency in the package-lock.json file, every other file is exactly the same.
Shouldn't the two package-lock.json files be exactly the same? Or did I miss a specific npm concept that does not guarantee that?
Any help / hint is appreciated, thank you!
(Normally I would attach the package-lock.json as code however this file is too long so I will provide a screenshot of the actual differences)
1 answers
solution1
0 2020-04-22 21:46:18
If you're wanting to determine or change what is in package-lock.json, use npm install , but (since npm 5.7.1) if you want to make sure you're getting exactly what is in the provided package-lock.json, use npm ci
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.