Reputation: 23261
npm5 package-lock.json different entries on different machines
Our project uses npm for package management. After upgrading from npm 4 to npm 5, we decided to opt-in for the new package-lock.json.
After committing it and performing npm install on other machines, we spotted differences in the way the version and resolved entries are specified:
1) example of package-lock.json dependencies with version encoded as URL:
"jspm": {
"version": "https://registry.npmjs.org/jspm/-/jspm-0.16.52.tgz",
"integrity": "sha1-axhH4I8TGsm9JnzFiXSXmudnXS4=",
"dev": true
},
"systemjs": {
"version": "https://registry.npmjs.org/systemjs/-/systemjs-0.19.46.tgz",
"integrity": "sha1-wEV0szNfBSoOPHoA7kGIxuTB444=",
"dev": true
},
2) example of package-lock.json dependencies with version and resolved properties:
"jspm": {
"version": "0.16.53",
"resolved": "https://registry.npmjs.org/jspm/-/jspm-0.16.53.tgz",
"integrity": "sha1-VvNR9JWUyJM+XgG2UUWsrr/PtZ4=",
"dev": true,
"dependencies": {
...
}
},
"systemjs": {
"version": "0.19.46",
"resolved": "https://registry.npmjs.org/systemjs/-/systemjs-0.19.46.tgz",
"integrity": "sha1-wEV0szNfBSoOPHoA7kGIxuTB444=",
"dev": true
},
...
In addition to having an unstable package-lock.json, our build server is having issues when installing the first example.
Upvotes: 3
Views: 2711
Answers (2)
Reputation: 6384
You may want to check in this situation on both machines that:
- your node + npm version are the same and maybe doing
npm -g update npm. - the npm configuration property
save-exacthas the same value on both machines. (otherwise doingnpm config set save_exact true/false)
Upvotes: 1
Reputation: 23261
Follow this procedure to produce a stable version of the package-lock.json:
- delete the existing
node_modulesfolder - delete the existing
package-lock.json - perform
npm install - commit and push the package-lock.json
For the rest of the team:
- delete the existing
node_modulesfolder - pull the new package-lock.json
- perform
npm install
Deleting the existing node_modules before continuing is an essential step because the package-lock.json does parse existing metadata from the node_modules folder.
This means that if your node_modules folder has leftovers, they may get added to the package-lock's dependencies, even if they're not an actual dependency (anymore).
Upvotes: 6
Related Questions
- npm install creates strange differences in package-lock.json between different machines
- Duplicate modules in package-lock.json when using npm?
- two different versions of packages in package-lock.json
- package-lock.json is rewritten after npm install
- Is it possible to not generate package-lock.json with npm 5?
- package-lock.json contains non-exact versions
- Why does `npm install` generate different `package-lock.json` files for the same `package.json` file?
- Why do I get vastly different `package-lock.json` files when I run `npm install` on different systems
- package-lock.json not created with npm install
- Why do all my npm projects have package-lock.json file but only on one computer?