Master Noob

Reputation: 715

How To Align package.json and package-lock.json When Dependency Versions Are Out of Sync?

What's Happening

In package.json:

"dependencies": {
    ...
    "node-sass": "^4.13.0"
    ...
}

Run npm install

In package-lock.json:

"node-sass": {
    "version": "4.13.1",
    ...
}

What I've Tried

1.

Deleting:

Then running npm install

2.

Deleting:

Then running npm install --cache /temp/empty-cache

3.

Deleting:

Then running npm update

Result: node-sass is not detected as updatable

4.

running npm install [email protected]

This obviously works at syncing them both back up, but it doesn't feel right, as this could be happening to other dependencies without me knowing.

Questions

[EDIT]

Would still love an answer for this, if anyone has one that doesn't involve manually updating the dependency

Upvotes: 6

Views: 27796

Answers (3)

seawave_23

Reputation: 1248

I had the problem as well, but only on the build server. I tried everything and in the meantime stumbled multiple times upon the hint that npm install and npm ci must be executed with the exact same flags. They were, or at least I thought they were. In the end, the problem was that my local environment had the legacy-peer-deps parameter set to true in its .npmrc file, which caused both commands to execute correctly on my machine but not npm ci on the build server.

Upvotes: 1

Blanché Carstens

Reputation: 81

This solved my issue:

npm install --package-lock-only

Upvotes: 8

Manuel Spigolon

Reputation: 12870

Those dependencies are exactly what you have configured:

In your package.json you defined ^4.13.0; the ^ means that you are fine installing the most recent version of that module that still has major version 4. So when you run npm install you will install all the dependencies that match that semver range. You can go deeper into semver.

If you want to lock the version you need to write "node-sass": "4.13.0" in your package.json and recreate the package-lock.json.

Moreover, to install exactly what is in the package-lock.json you need to run npm ci. If you run npm install you are updating your dependencies, and the lock file will be updated accordingly.


How to align package.json and package-lock.json when dependency versions are out of sync?

Regenerate the package-lock

Example:

npm init --yes
npm install [email protected]
# now package-lock has 2.0.0
rm -rf node_modules/
npm install
# now package-lock still has 2.0.0
rm package-lock.json
npm install [email protected] --no-save
npm install
# now package-lock has 2.5.0 (the version is read from the node_modules tree)
rm package-lock.json
rm -rf node_modules/
npm install
# now package-lock has 2.11.0

So, if your files are out of sync, "something" ran the installation without using the lock file.

Upvotes: 5
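The asker's worry ("this could be happening to other dependencies without me knowing") and the semver-range explanation in this answer can both be checked mechanically. The script below is an added example, not code from the question or from any of the answers: it reads the declared range for every dependency in a package.json object and the resolved version in the matching package-lock.json object, and reports every package whose locked version falls outside its declared range or is missing from the lock entirely. That is the same disagreement that makes `npm ci` refuse to install. It assumes only exact versions, `^` and `~` ranges (no `>=`, `||`, prerelease tags or `x` wildcards), handles both the lockfileVersion 1 layout (`dependencies`) and the v2/v3 layout (`packages`), and the two sample files at the bottom are constructed for the demo, with `node-sass` in sync and three hypothetical drifts. For real projects the `semver` npm package implements the full grammar.

```javascript
// Added example: detect package.json / package-lock.json drift.
// Supports exact, ^ and ~ ranges only (an assumption for this demo).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Exclusive upper bound for a ^ or ~ range whose base version is `v`.
// ~ allows patch bumps; ^ pins the leftmost non-zero component (npm rules).
function upperBound(op, v) {
  const [major, minor, patch] = v;
  if (op === '~') return [major, minor + 1, 0];
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// true if `version` is allowed by `range` ("4.13.0", "^4.13.0" or "~4.13.0").
function satisfies(version, range) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const [, op, base] = m;
  const have = parseVersion(version);
  const low = parseVersion(base);
  if (op === '') return compare(have, low) === 0;
  return compare(have, low) >= 0 && compare(have, upperBound(op, low)) < 0;
}

// Resolved version of `name` from either lockfile layout, or null if absent.
function lockedVersion(lock, name) {
  if (lock.packages) {                       // lockfileVersion 2 / 3
    const p = lock.packages[`node_modules/${name}`];
    return p ? p.version : null;
  }
  const d = (lock.dependencies || {})[name]; // lockfileVersion 1
  return d ? d.version : null;
}

// Every dependency (and devDependency) whose lock entry disagrees with
// package.json. An empty result means the two files are in sync.
function findDrift(pkg, lock) {
  const declared = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const drift = [];
  for (const [name, range] of Object.entries(declared)) {
    const locked = lockedVersion(lock, name);
    if (locked === null) {
      drift.push({ name, range, locked, reason: 'missing from lock file' });
    } else if (!satisfies(locked, range)) {
      drift.push({ name, range, locked, reason: 'outside declared range' });
    }
  }
  return drift;
}

// Constructed sample input (not real project files): node-sass matches the
// question, the other three entries are hypothetical drifts.
const samplePackageJson = {
  dependencies: {
    'node-sass': '^4.13.0',   // lock has 4.13.1: in range, no drift
    'left-pad': '~1.3.0',     // lock has 1.4.0: ~ forbids the minor bump
    'express': '4.17.1',      // lock has 4.17.2: exact pin, mismatch
    'lodash': '^4.17.15',     // not in the lock at all
  },
};

const samplePackageLock = {
  lockfileVersion: 1,
  dependencies: {
    'node-sass': { version: '4.13.1' },
    'left-pad': { version: '1.4.0' },
    'express': { version: '4.17.2' },
  },
};

for (const d of findDrift(samplePackageJson, samplePackageLock)) {
  console.log(`${d.name}: declared ${d.range}, locked ${d.locked} (${d.reason})`);
}
```

To run it against a real project, replace the two sample objects with `JSON.parse(fs.readFileSync('package.json'))` and the same for `package-lock.json`; a non-empty result is the list of packages that `npm install --package-lock-only` (or `npm ci`) will complain about.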
