- <!doctype html>
- <html>
- <title>package-lock.json</title>
- <meta charset="utf-8">
- <link rel="stylesheet" type="text/css" href="../../static/style.css">
- <link rel="canonical" href="https://www.npmjs.org/doc/files/package-lock.json.html">
- <script async=true src="../../static/toc.js"></script>
-
- <body>
- <div id="wrapper">
-
- <h1><a href="../files/package-lock.json.html">package-lock.json</a></h1> <p>A manifestation of the manifest</p>
- <h2 id="description">DESCRIPTION</h2>
- <p><code>package-lock.json</code> is automatically generated for any operations where npm
- modifies either the <code>node_modules</code> tree, or <code>package.json</code>. It describes the
- exact tree that was generated, such that subsequent installs are able to
- generate identical trees, regardless of intermediate dependency updates.</p>
- <p>This file is intended to be committed into source repositories, and serves
- various purposes:</p>
- <ul>
- <li><p>Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.</p>
- </li>
- <li><p>Provide a facility for users to "time-travel" to previous states of <code>node_modules</code> without having to commit the directory itself.</p>
- </li>
- <li><p>Facilitate greater visibility of tree changes through readable source control diffs.</p>
- </li>
- <li><p>Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.</p>
- </li>
- </ul>
- <p>One key detail about <code>package-lock.json</code> is that it cannot be published, and it
- will be ignored if found in any place other than the top-level package. It shares
- a format with <a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a>, which is essentially the same file, but
- allows publication. Publishing a lockfile this way is not recommended unless deploying a CLI tool or
- otherwise using the publication process for producing production packages.</p>
- <p>If both <code>package-lock.json</code> and <code>npm-shrinkwrap.json</code> are present in the root of
- a package, <code>package-lock.json</code> will be completely ignored.</p>
- <h2 id="file-format">FILE FORMAT</h2>
- <h3 id="name">name</h3>
- <p>The name of the package this is a package-lock for. This must match what's in
- <code>package.json</code>.</p>
- <h3 id="version">version</h3>
- <p>The version of the package this is a package-lock for. This must match what's in
- <code>package.json</code>.</p>
- <h3 id="lockfileversion">lockfileVersion</h3>
- <p>An integer version, starting at <code>1</code>, giving the version number of this document
- whose semantics were used when generating this <code>package-lock.json</code>.</p>
- <h3 id="packageintegrity">packageIntegrity</h3>
- <p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">subresource
- integrity</a> value
- created from the <code>package.json</code>. No preprocessing of the <code>package.json</code> should
- be done. Subresource integrity strings can be produced by modules like
- <a href="https://www.npmjs.com/package/ssri"><code>ssri</code></a>.</p>
- <h3 id="preservesymlinks">preserveSymlinks</h3>
- <p>Indicates that the install was done with the environment variable
- <code>NODE_PRESERVE_SYMLINKS</code> enabled. The installer should insist that the value of
- this property match that environment variable.</p>
- <h3 id="dependencies">dependencies</h3>
- <p>A mapping of package name to dependency object. Dependency objects have the
- following properties:</p>
- <h4 id="version">version</h4>
- <p>This is a specifier that uniquely identifies this package and should be
- usable in fetching a new copy of it.</p>
- <ul>
- <li>bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.</li>
- <li>registry sources: This is a version number. (e.g. <code>1.2.3</code>)</li>
- <li>git sources: This is a git specifier with resolved committish. (e.g. <code>git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e</code>)</li>
- <li>http tarball sources: This is the URL of the tarball. (e.g. <code>https://example.com/example-1.3.0.tgz</code>)</li>
- <li>local tarball sources: This is the file URL of the tarball. (e.g. <code>file:///opt/storage/example-1.3.0.tgz</code>)</li>
- <li>local link sources: This is the file URL of the link. (e.g. <code>file:libs/our-module</code>)</li>
- </ul>
- <h4 id="integrity">integrity</h4>
- <p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">Standard Subresource
- Integrity</a> for this
- resource.</p>
- <ul>
- <li>For bundled dependencies this is not included, regardless of source.</li>
- <li>For registry sources, this is the <code>integrity</code> that the registry provided or, if one wasn't provided, the SHA1 in <code>shasum</code>.</li>
- <li>For git sources this is the specific commit hash we cloned from.</li>
- <li>For remote tarball sources this is an integrity based on a SHA512 of
- the file.</li>
- <li>For local tarball sources: This is an integrity field based on the SHA512 of the file.</li>
- </ul>
- <h4 id="resolved">resolved</h4>
- <ul>
- <li>For bundled dependencies this is not included, regardless of source.</li>
- <li>For registry sources this is the path of the tarball relative to the registry
- URL. If the tarball URL isn't on the same server as the registry URL then
- this is a complete URL.</li>
- </ul>
- <h4 id="bundled">bundled</h4>
- <p>If true, this is a bundled dependency and will be installed by the parent
- module. When installing, this module will be extracted from the parent
- module during the extract phase, not installed as a separate dependency.</p>
- <h4 id="dev">dev</h4>
- <p>If true then this dependency is either a development dependency ONLY of the
- top level module or a transitive dependency of one. This is false for
- dependencies that are both a development dependency of the top level and a
- transitive dependency of a non-development dependency of the top level.</p>
- <h4 id="optional">optional</h4>
- <p>If true then this dependency is either an optional dependency ONLY of the
- top level module or a transitive dependency of one. This is false for
- dependencies that are both an optional dependency of the top level and a
- transitive dependency of a non-optional dependency of the top level.</p>
- <p>All optional dependencies should be included even if they're uninstallable
- on the current platform.</p>
- <h4 id="requires">requires</h4>
- <p>This is a mapping of module name to version. This is a list of everything
- this module requires, regardless of where it will be installed. Each version
- should match, via the normal matching rules, a dependency listed either in our
- <code>dependencies</code> or at a level above us.</p>
- <h4 id="dependencies">dependencies</h4>
- <p>The dependencies of this dependency, exactly as at the top level.</p>
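- <p>The <code>integrity</code>, <code>resolved</code>, <code>bundled</code> and nested <code>dependencies</code> fields described above can be checked mechanically before an install is trusted. The following is an added example, not npm's own code: the function names, the finding labels, the default registry URL and the sample lockfile are assumptions constructed for illustration. It flags entries pinned only by SHA1, entries with no integrity, and tarballs resolved over plain HTTP or from a host other than the registry, and it verifies bytes against an integrity string using the strongest algorithm listed.</p>

```javascript
'use strict';
const crypto = require('crypto');

const RANK = ['sha1', 'sha256', 'sha384', 'sha512']; // weakest to strongest
const sri = (algo, data) => `${algo}-${crypto.createHash(algo).update(data).digest('base64')}`;

// Split an integrity string into { algo, digest } entries, ignoring unknown algorithms.
function parseSri(integrity) {
  return (integrity || '').split(/\s+/).filter(Boolean).map((entry) => {
    const i = entry.indexOf('-');
    return { algo: entry.slice(0, i), digest: entry.slice(i + 1).split('?')[0] };
  }).filter((h) => RANK.includes(h.algo));
}

// True when buf matches a digest of the strongest algorithm listed in the integrity string.
function verifyIntegrity(buf, integrity) {
  const hashes = parseSri(integrity);
  const best = Math.max(...hashes.map((h) => RANK.indexOf(h.algo)));
  return hashes.some((h) => RANK.indexOf(h.algo) === best && sri(h.algo, buf) === `${h.algo}-${h.digest}`);
}

// Walk the nested `dependencies` maps and report weak or missing pins.
function auditLock(lock, registry = 'https://registry.npmjs.org/') {
  const findings = [];
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const where = [...trail, name].join(' > ');
      // Bundled entries carry no integrity/resolved; git and file: entries are not SRI-pinned.
      if (!dep.bundled && !/^(git|file:)/.test(dep.version || '')) {
        const algos = parseSri(dep.integrity).map((h) => h.algo);
        if (algos.length === 0) findings.push(`${where}: missing-integrity`);
        else if (algos.every((a) => a === 'sha1')) findings.push(`${where}: sha1-only`);
        const url = dep.resolved && new URL(dep.resolved, registry); // relative paths resolve against the registry
        if (url && url.protocol !== 'https:') findings.push(`${where}: insecure-transport`);
        else if (url && url.host !== new URL(registry).host) findings.push(`${where}: off-registry-host`);
      }
      walk(dep.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return findings;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { name: 'demo-app', version: '1.0.0', lockfileVersion: 1, dependencies: {
  good: { version: '1.2.3', resolved: 'good/-/good-1.2.3.tgz', integrity: sri('sha512', 'good') },
  legacy: { version: '0.9.0', resolved: 'https://registry.npmjs.org/legacy/-/legacy-0.9.0.tgz',
    integrity: sri('sha1', 'legacy'), dependencies: {
      inner: { version: '2.0.0', resolved: 'http://mirror.example.com/inner-2.0.0.tgz', integrity: sri('sha512', 'inner') },
      packed: { version: '3.0.0', bundled: true } } },
  bare: { version: '4.0.0', resolved: 'https://cdn.example.net/bare-4.0.0.tgz' } } };
```

- <p>Against a real project, pass the parsed contents of <code>package-lock.json</code> to <code>auditLock</code> and fail the build when the returned list is not empty.</p>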
- <h2 id="see-also">SEE ALSO</h2>
- <ul>
- <li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li>
- <li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li>
- <li><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></li>
- <li><a href="../files/package.json.html">package.json(5)</a></li>
- <li><a href="../cli/npm-install.html">npm-install(1)</a></li>
- </ul>
-
- </div>
-
- <p id="footer">package-lock.json — npm@6.4.1</p>
-