How should the package-lock.json file be generated for Node.js docker apps?

Question

The Node.js docker tutorial (https://nodejs.org/en/docs/guides/nodejs-docker-webapp/) specifies that the npm install should be run on the host prior to starting docker to generate the package-lock.json file.

How should this file be generated when npm/node are not available on the host?

How should the package-lock.json get updated when new dependencies are added to the package.json?

npm specifies that the package-lock.json file should be checked in to source control. When npm install is run via docker, it generates the package-lock.json file in the container - which is not where it would be checked out from source control. The obvious workaround would be to copy the file from the container to the host whenever it is updated but that seems like there should be an easier solution.

Answer 1

I usually just create a temporary container to run npm inside instead of having to install node and npm on the host. Something like this:

docker run --rm -v "$(pwd)":/data -w /data -it node bash

and then inside bash I run npm init to generate a package.json and npm install to generate package-lock.json. You may want to use -u "$UID" to make the file be owned by your host user too, or just chown it after.

I do the same thing to install new packages, just npm install package inside bash on the temporary container.