Bill

Reputation: 19268

npm lock-file lock down the package version

At work, we have started locking down the package.json version as follows:

"little-state-machine": "2.14.1",

instead of the following:

"little-state-machine": "^2.14.1",

I find it strange and annoying, as I thought the npm package-lock file is what's intended to do just that, like the yarn lock file. Reference

Is there any chance that the npm package-lock file will not lock the current version and will pick up the latest patch? Manually updating the package.json file is redundant and annoying from my point of view.

Upvotes: 1

Views: 4166

Answers (1)

Trott

Reputation: 70075

package-lock.json will lock it for developer installations. npm-shrinkwrap.json will lock it for end user installations as well. So, depending on whose dependencies you're trying to pin down, you can use one or the other.

The one case I know of for doing it in package.json is if you only want to pin some of your dependencies but not all of them.

Upvotes: 1
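To make the difference between the two package.json entries concrete, here is an added Node.js example (not code from the question or the answer): it implements npm's caret-range rule and audits a constructed package.json against a constructed lockfileVersion 3 package-lock.json, reporting which entries are pinned exactly and which only look pinned because the lock file currently agrees with the range.

```javascript
// Added example, not from the question or answer: npm's caret-range rule and an
// audit of a package.json against a lockfileVersion 3 package-lock.json (constructed data; no npm calls).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

function compare(p, q) {
  for (let i = 0; i < 3; i++) if (p[i] !== q[i]) return p[i] - q[i];
  return 0;
}

// "^A.B.C" admits >= A.B.C and below the next breaking version. For A > 0 that
// is (A+1).0.0; for 0.B.C it is 0.(B+1).0; for 0.0.C it is 0.0.(C+1).
function caretSatisfies(range, version) {
  const [a, b, c] = parseVersion(range.slice(1));
  const v = parseVersion(version);
  const upper = a > 0 ? [a + 1, 0, 0] : b > 0 ? [0, b + 1, 0] : [0, 0, c + 1];
  return compare(v, [a, b, c]) >= 0 && compare(v, upper) < 0;
}

// For each dependency: is the range an exact pin, what does the lock resolve
// it to, and does that resolution still fall inside the declared range?
function auditDependencies(pkg, lock) {
  const report = {};
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const locked = lock.packages?.[`node_modules/${name}`]?.version;
    const pinned = /^\d+\.\d+\.\d+$/.test(range);
    let lockMatchesRange = null; // null: no lock entry or unsupported range syntax
    if (locked !== undefined) {
      if (pinned) lockMatchesRange = locked === range;
      else if (range.startsWith('^')) lockMatchesRange = caretSatisfies(range, locked);
    }
    report[name] = { range, locked, pinned, lockMatchesRange };
  }
  return report;
}

// Constructed sample: one floating range, one exact pin, one stale lock entry.
const samplePkg = { dependencies: {
  'little-state-machine': '^2.14.1', 'example-pinned': '1.2.3', 'example-stale': '^1.4.0' } };
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/little-state-machine': { version: '2.14.1' },
  'node_modules/example-pinned': { version: '1.2.3' },
  'node_modules/example-stale': { version: '2.0.0' } } };
const sampleReport = auditDependencies(samplePkg, sampleLock);
console.log(JSON.stringify(sampleReport, null, 2));
```

The report shows that `little-state-machine` resolves to 2.14.1 only because the lock file says so; the `^2.14.1` range itself admits any 2.x release at or above 2.14.1 whenever the lock is regenerated or not honoured.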
