Sahithi Mangena

Reputation: 93

How to update the dependency of one package which is in package-lock.json

We want to update the lodash version to 4.17.11, but it is a dependency of grunt-angular-translate. grunt-angular-translate is in package.json. If I update grunt-angular-translate to 0.3.0, it does not update lodash to version 4.7.11. How can we update a dependency which is in package-lock.json?

package.json:

"devDependencies": {
    "grunt": "^1.0.3",
    "grunt-angular-translate": "^1.0.0",
    "grunt-bump": "^0.8.0",

package-lock.json:

"grunt-angular-translate": {
      "version": "0.3.0",
      "resolved": "https://registry.npmjs.org/grunt-angular-translate/-/grunt-angular-translate-0.3.0.tgz",
      "integrity": "sha1-vQEYr6JNj1cCMf2NUtgp2AjFEbM=",
      "dev": true,
      "requires": {
        "flat": "^1.2.0",
        "json-stable-stringify": "^1.0.0",
        "lodash": "~2.4.1"
      },
      "dependencies": {
        "lodash": {
          "version": "2.4.2",
          "resolved": "https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz",
          "integrity": "sha1-+t2DS5aDBz2hebPq5tnA0VBT9z4=",
          "dev": true
        }
      }
    },

Upvotes: 4

Views: 4776

Answers (1)

Akrion

Reputation: 18525

As per npm docs:

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

This file is intended to be committed into source repositories, and serves various purposes:

Describe a single representation of a dependency tree such that teammates, deployments, and continuous integration are guaranteed to install exactly the same dependencies.

Provide a facility for users to “time-travel” to previous states of node_modules without having to commit the directory itself.

To facilitate greater visibility of tree changes through readable source control diffs.

And optimize the installation process by allowing npm to skip repeated metadata resolutions for previously-installed packages.

In package.json you specify which npm packages you are utilizing in your app. In other words, the ones on which you have a specific dependency so your package can function.

package-lock.json is a big "map" of each of the packages your app uses and their dependencies, which you cannot impact.

In your case grunt-angular-translate has its own dependency on "lodash": "~2.4.1", and you cannot change it and should not try to, since that package is supposed to work with that version and not with a package 2 versions higher, where there may be a bunch of breaking changes.

You can upgrade your direct dependency on lodash to its latest version, but that would not update grunt-angular-translate's dependency on lodash to that version, and it really should not.

What should really happen is that in your node_modules folder you will get your updated lodash (and you can check by looking at its package.json and the version inside). In that same folder, if you go into the grunt-angular-translate folder and look at its own node_modules ... it should have its own lodash folder with lodash 2.4.1 in it.

Upvotes: 1
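Added example, not part of the answer above: a Node.js sketch that walks a package-lock.json in the nested format shown in the question and lists every installed copy of a package, with the "requires" range of the parent that holds it in place. The names findCopies and sampleLock are hypothetical, and the top-level lodash 4.17.11 entry in the sample is constructed.

```javascript
// Added example: walks a package-lock.json tree in the nested format shown in
// the question and lists every installed copy of one package.

// Constructed sample: the grunt-angular-translate entry from the question plus
// an assumed top-level lodash 4.17.11 (as if installed as a direct dependency).
const sampleLock = {
  dependencies: {
    "grunt-angular-translate": {
      version: "0.3.0",
      dev: true,
      requires: { flat: "^1.2.0", "json-stable-stringify": "^1.0.0", lodash: "~2.4.1" },
      dependencies: {
        lodash: { version: "2.4.2", dev: true }
      }
    },
    lodash: { version: "4.17.11", dev: true }
  }
};

// Returns [{ path, version, pinnedBy }] for each copy of `name` in the tree.
// `pinnedBy` is the semver range from the enclosing package's "requires"
// block, or null for a top-level copy.
function findCopies(lock, name) {
  const found = [];
  const walk = (deps, trail, parentRequires) => {
    for (const [pkg, entry] of Object.entries(deps || {})) {
      const here = [...trail, pkg];
      if (pkg === name) {
        found.push({
          path: here.join(" > "),
          version: entry.version,
          pinnedBy: parentRequires && parentRequires[name] ? parentRequires[name] : null
        });
      }
      // Recurse into this package's own nested node_modules, if any.
      walk(entry.dependencies, here, entry.requires);
    }
  };
  walk(lock.dependencies, [], null);
  return found;
}

// Against a real project: findCopies(require("./package-lock.json"), "lodash")
for (const c of findCopies(sampleLock, "lodash")) {
  console.log(`${c.path}  ${c.version}  pinned by: ${c.pinnedBy || "(top level)"}`);
}
```

A nested copy that shows a pinnedBy range stays at that range until the parent package itself changes its requirement, which is why upgrading the top-level lodash leaves it untouched.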
