<!doctype html>
<html>
<title>package-lock.json</title>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="../../static/style.css">
<link rel="canonical" href="https://www.npmjs.org/doc/files/package-lock.json.html">
<script async=true src="../../static/toc.js"></script>

<body>
<div id="wrapper">

<h1><a href="../files/package-lock.json.html">package-lock.json</a></h1> <p>A manifestation of the manifest</p>

<h2 id="description">DESCRIPTION</h2>
<p><code>package-lock.json</code> is automatically generated for any operations where npm
modifies either the <code>node_modules</code> tree, or <code>package.json</code>. It describes the
exact tree that was generated, such that subsequent installs are able to
generate identical trees, regardless of intermediate dependency updates.</p>
<p>This file is intended to be committed into source repositories, and serves
various purposes:</p>
<ul>
<li><p>Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.</p>
</li>
<li><p>Provide a facility for users to "time-travel" to previous states of <code>node_modules</code> without having to commit the directory itself.</p>
</li>
<li><p>Facilitate greater visibility of tree changes through readable source control diffs.</p>
</li>
<li><p>Optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.</p>
</li>
</ul>
<p>One key detail about <code>package-lock.json</code> is that it cannot be published, and it
will be ignored if found in any place other than the top-level package. It shares
a format with <a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a>, which is essentially the same file, but
allows publication. Publishing the lockfile in this way is not recommended unless deploying a CLI tool or
otherwise using the publication process for producing production packages.</p>
<p>If both <code>package-lock.json</code> and <code>npm-shrinkwrap.json</code> are present in the root of
a package, <code>package-lock.json</code> will be completely ignored.</p>

<h2 id="file-format">FILE FORMAT</h2>
<h3 id="name">name</h3>
<p>The name of the package this is a package-lock for. This must match what's in
<code>package.json</code>.</p>
<h3 id="version">version</h3>
<p>The version of the package this is a package-lock for. This must match what's in
<code>package.json</code>.</p>
<h3 id="lockfileversion">lockfileVersion</h3>
<p>An integer version, starting at <code>1</code>, giving the version number of this document
whose semantics were used when generating this <code>package-lock.json</code>.</p>
<h3 id="packageintegrity">packageIntegrity</h3>
<p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">subresource
integrity</a> value
created from the <code>package.json</code>. No preprocessing of the <code>package.json</code> should
be done. Subresource integrity strings can be produced by modules like
<a href="https://www.npmjs.com/package/ssri"><code>ssri</code></a>.</p>
<h3 id="preservesymlinks">preserveSymlinks</h3>
<p>Indicates that the install was done with the environment variable
<code>NODE_PRESERVE_SYMLINKS</code> enabled. The installer should insist that the value of
this property match that environment variable.</p>
<h3 id="dependencies">dependencies</h3>
<p>A mapping of package name to dependency object. Dependency objects have the
following properties:</p>
<h4 id="version">version</h4>
<p>This is a specifier that uniquely identifies this package and should be
usable in fetching a new copy of it.</p>
<ul>
<li>bundled dependencies: Regardless of source, this is a version number that is purely for informational purposes.</li>
<li>registry sources: This is a version number. (e.g., <code>1.2.3</code>)</li>
<li>git sources: This is a git specifier with resolved committish. (e.g., <code>git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e</code>)</li>
<li>http tarball sources: This is the URL of the tarball. (e.g., <code>https://example.com/example-1.3.0.tgz</code>)</li>
<li>local tarball sources: This is the file URL of the tarball. (e.g., <code>file:///opt/storage/example-1.3.0.tgz</code>)</li>
<li>local link sources: This is the file URL of the link. (e.g., <code>file:libs/our-module</code>)</li>
</ul>
<h4 id="integrity">integrity</h4>
<p>This is a <a href="https://w3c.github.io/webappsec/specs/subresourceintegrity/">Standard Subresource
Integrity</a> value for this
resource.</p>
<ul>
<li>For bundled dependencies this is not included, regardless of source.</li>
<li>For registry sources, this is the <code>integrity</code> that the registry provided, or if one wasn't provided the SHA1 in <code>shasum</code>.</li>
<li>For git sources this is the specific commit hash we cloned from.</li>
<li>For remote tarball sources this is an integrity based on a SHA512 of
the file.</li>
<li>For local tarball sources this is an integrity field based on the SHA512 of the file.</li>
</ul>
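<p>An added example (not code from npm or <code>ssri</code>) showing how the integrity strings described under <code>packageIntegrity</code> and <code>integrity</code> are built and checked with Node's built-in <code>crypto</code> module. The function names are hypothetical, the sample bytes are constructed, and accepting <code>sha1-</code> entries is an assumption that follows the <code>shasum</code> fallback described above.</p>

```javascript
// Added example (not npm's or ssri's code); function names are hypothetical.
const crypto = require('crypto');

// Preference order when an integrity string lists several hashes.
const STRENGTH = { sha1: 1, sha256: 2, sha384: 3, sha512: 4 };

// Build "<algo>-<base64 digest>" for a Buffer or string.
function sriFor(data, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(data).digest('base64')}`;
}

// Split a whitespace-separated integrity string into {algo, digest} pairs,
// dropping entries that are malformed or use an unknown algorithm.
function parseSri(integrity) {
  const re = /^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/;
  return String(integrity).trim().split(/\s+/)
    .map((entry) => re.exec(entry))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// Check data against the strongest algorithm listed only, so a matching
// weak hash cannot stand in for a mismatching strong one.
function checkSri(data, integrity) {
  const hashes = parseSri(integrity);
  if (hashes.length === 0) return { ok: false, algo: null, weak: false };
  const best = hashes
    .reduce((a, b) => (STRENGTH[b.algo] > STRENGTH[a.algo] ? b : a)).algo;
  const expected = crypto.createHash(best).update(data).digest();
  const ok = hashes.filter((h) => h.algo === best).some((h) => {
    const listed = Buffer.from(h.digest, 'base64');
    return listed.length === expected.length
      && crypto.timingSafeEqual(listed, expected);
  });
  return { ok, algo: best, weak: best === 'sha1' };
}

// Constructed sample: stand-in bytes for a tarball and its lock entry.
const SAMPLE_TARBALL = Buffer.from('constructed tarball bytes');
const SAMPLE_ENTRY = { version: '1.3.0', integrity: sriFor(SAMPLE_TARBALL) };
console.log(checkSri(SAMPLE_TARBALL, SAMPLE_ENTRY.integrity));
```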
<h4 id="resolved">resolved</h4>
<ul>
<li>For bundled dependencies this is not included, regardless of source.</li>
<li>For registry sources this is the path of the tarball relative to the registry
URL. If the tarball URL isn't on the same server as the registry URL then
this is a complete URL.</li>
</ul>
<h4 id="bundled">bundled</h4>
<p>If true, this is a bundled dependency and will be installed by the parent
module. When installing, this module will be extracted from the parent
module during the extract phase, not installed as a separate dependency.</p>
<h4 id="dev">dev</h4>
<p>If true then this dependency is either a development dependency ONLY of the
top level module or a transitive dependency of one. This is false for
dependencies that are both a development dependency of the top level and a
transitive dependency of a non-development dependency of the top level.</p>
<h4 id="optional">optional</h4>
<p>If true then this dependency is either an optional dependency ONLY of the
top level module or a transitive dependency of one. This is false for
dependencies that are both an optional dependency of the top level and a
transitive dependency of a non-optional dependency of the top level.</p>
<p>All optional dependencies should be included even if they're uninstallable
on the current platform.</p>
<h4 id="requires">requires</h4>
<p>This is a mapping of module name to version. This is a list of everything
this module requires, regardless of where it will be installed. Each version
should match, via normal matching rules, a dependency either in our
<code>dependencies</code> or in a level higher than us.</p>
<h4 id="dependencies">dependencies</h4>
<p>The dependencies of this dependency, exactly as at the top level.</p>
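<p>An added example (not npm's code) that walks the nested <code>dependencies</code> objects described above and reports entries a reviewer would want to look at: missing or SHA1-only <code>integrity</code>, tarball URLs that are not HTTPS or not on an expected host, and git specifiers without a full commit hash. The host allowlist, the finding names and the sample lockfile are assumptions made for this illustration.</p>

```javascript
// Added example, not npm's code. ALLOWED_HOSTS and the finding names are
// assumptions of this sketch; SAMPLE_LOCK is constructed.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

// Classify an entry by the shape of its `version` specifier.
function sourceOf(dep) {
  const v = String(dep.version || '');
  if (dep.bundled) return 'bundled';
  if (v.startsWith('git+')) return 'git';
  if (/^https?:\/\//.test(v)) return 'remote-tarball';
  return v.startsWith('file:') ? 'local' : 'registry';
}

// Findings for one dependency object.
function checkEntry(path, dep) {
  const source = sourceOf(dep);
  const out = [];
  const flag = (issue) => out.push({ path, source, issue });
  if (source === 'git' && !/#[0-9a-f]{40}$/.test(dep.version)) flag('git-ref-not-full-commit');
  if (source === 'git' || source === 'bundled') return out;
  if (source !== 'local') { // local links carry no integrity
    const algos = String(dep.integrity || '').split(/\s+/).filter(Boolean)
      .map((h) => h.split('-')[0]);
    if (algos.length === 0) flag('missing-integrity');
    else if (algos.every((a) => a === 'sha1')) flag('sha1-only-integrity');
  }
  const url = source === 'remote-tarball' ? dep.version : dep.resolved;
  if (/^https?:\/\//i.test(url || '')) { // relative registry paths are skipped
    let u;
    try { u = new URL(url); } catch { flag('unparseable-url'); return out; }
    if (u.protocol !== 'https:') flag('non-https-source');
    if (!ALLOWED_HOSTS.has(u.hostname)) flag('host-not-allowlisted');
  }
  return out;
}

// Walk nested `dependencies` objects, which repeat the top-level shape.
function auditLock(node, prefix = '') {
  return Object.entries(node.dependencies || {}).flatMap(([name, dep]) => {
    const path = prefix ? `${prefix} > ${name}` : name;
    return [...checkEntry(path, dep), ...auditLock(dep, path)];
  });
}

const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  ok: { version: '1.2.3', resolved: 'https://registry.npmjs.org/ok/-/ok-1.2.3.tgz', integrity: 'sha512-AAAA' },
  old: { version: '0.1.0', integrity: 'sha1-AAAA',
    dependencies: { nested: { version: 'http://example.com/example-1.3.0.tgz' } } },
  forked: { version: 'git+https://example.com/foo/bar#115311855adb0789a0466714ed48a1499ffea97e' },
  inner: { version: '2.0.0', bundled: true } } };
```

<p>Calling <code>auditLock(SAMPLE_LOCK)</code> returns four findings, all under <code>old</code>; in CI the same function would be fed the parsed <code>package-lock.json</code> and a non-empty result treated as a failure.</p>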

<h2 id="see-also">SEE ALSO</h2>
<ul>
<li><a href="../cli/npm-shrinkwrap.html">npm-shrinkwrap(1)</a></li>
<li><a href="../files/npm-shrinkwrap.json.html">npm-shrinkwrap.json(5)</a></li>
<li><a href="../files/npm-package-locks.html">npm-package-locks(5)</a></li>
<li><a href="../files/package.json.html">package.json(5)</a></li>
<li><a href="../cli/npm-install.html">npm-install(1)</a></li>
</ul>

</div>
<p id="footer">package-lock.json — npm@6.4.1</p>