
Need for both package.json, package-lock.json files in an angular application

I'm new to Angular. When I got a sample Angular app installed using angular-cli, I saw package.json and package-lock.json files defined. Of these files, package-lock.json has the exact dependencies defined, and package.json has other major facts like author, description, keywords, etc. I found this related link useful.

My doubt is why the data detailed in package-lock.json can't also be included in the package.json file, so that there is no need for two separate package JSON files. Two files with similar data to an extent can be confusing, especially for a beginner, right?

Additional read up:

Everything You Wanted To Know About package-lock.json But Were Too Afraid To Ask

https://github.com/npm/npm/pull/17508

Package-lock is a large list of each dependency listed in your package.json, the specific version that should be installed, the location of the module (URI), a hash that verifies the integrity of the module, the list of packages it requires, and a list of dependencies.

Because the package-lock specifies a version, location and integrity hash for every module and each of its dependencies, the install it creates will be the same, every single time. It won't matter what device you are on, or when in the future you install, it should give you the same result every time, which is very useful.

Package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

For more info, refer to the link below.

"package-lock.json" role

https://docs.npmjs.com/cli/v7/configuring-npm/package-json

package.json is a JSON file that lives in the root directory of your project. Your package.json holds important information about the project. It contains human-readable metadata about the project (like the project name and description) as well as functional metadata like the package version number and a list of dependencies required by the application.

https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This file is intended to be committed into source repositories, and serves various purposes:

  • Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.
  • Provide a facility for users to "time-travel" to previous states of node_modules without having to commit the directory itself.
  • Facilitate greater visibility of tree changes through readable source control diffs.
  • Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

As of npm v7, lockfiles include enough information to gain a complete picture of the package tree, reducing the need to read package.json files, and allowing for significant performance improvements.
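The answers above describe each lockfile entry as carrying a location (`resolved`) and an integrity hash (`integrity`). The following is an added example, not code from the answers or from npm, that audits those two fields and checks tarball bytes against the recorded hash. The sample lockfile, the function names `auditLock` and `matchesIntegrity`, and the allowed registry origin are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Build an SRI string ("alg-base64"), the format of the lockfile "integrity" field.
const sri = (alg, buf) =>
  `${alg}-${crypto.createHash(alg).update(buf).digest("base64")}`;

// Constructed sample data: package names, URLs and tarball bytes are made up.
const tarball = Buffer.from("constructed tarball bytes");
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/good": {
      resolved: "https://registry.npmjs.org/good/-/good-1.2.3.tgz",
      integrity: sri("sha512", tarball),
    },
    "node_modules/no-hash": { resolved: "https://registry.npmjs.org/no-hash/-/no-hash-0.1.0.tgz" },
    "node_modules/odd-host": {
      resolved: "http://mirror.example.test/odd-host-2.0.0.tgz",
      integrity: sri("sha1", tarball),
    },
  },
};

// Report entries whose hash is missing or weak, or whose source is not the expected registry.
function auditLock(lock, allowedOrigin = "https://registry.npmjs.org") {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link || pkg.inBundle) continue; // no tarball of their own
    if (!pkg.integrity) findings.push({ path, issue: "missing integrity" });
    else if (!/(^|\s)sha512-/.test(pkg.integrity)) findings.push({ path, issue: "no sha512 hash" });
    let origin = null;
    try { origin = new URL(pkg.resolved).origin; } catch { /* missing or unparsable */ }
    if (origin !== allowedOrigin) findings.push({ path, issue: "unexpected source" });
  }
  return findings;
}

// Verify bytes against an integrity value, using the strongest algorithm it lists.
function matchesIntegrity(buf, integrity) {
  const entries = integrity.trim().split(/\s+/);
  for (const alg of ["sha512", "sha384", "sha256"]) {
    const same = entries.filter((e) => e.startsWith(`${alg}-`));
    if (same.length) return same.some((e) => e === sri(alg, buf));
  }
  return false; // only weak or unknown algorithms listed
}
```

Run against a real lockfile with `auditLock(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))`; git dependencies will show up as findings because they carry no registry tarball hash.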
