Skip to content

Instantly share code, notes, and snippets.

@lxynox

lxynox/package[-lock].json.md

Last active June 23, 2019 05:42
Show Gist options
  • Save lxynox/57c1e9add6689e3b1d9e9a4ec85eac97 to your computer and use it in GitHub Desktop.
Save lxynox/57c1e9add6689e3b1d9e9a4ec85eac97 to your computer and use it in GitHub Desktop.
Download ZIP
package.json vs package-lock.json
Raw
package[-lock].json.md

package.json

"files" vs .npmignore

files - whitelisting all files that should be included in a npm release

.npmignore - blacklisting all files that should be included in a npm release

package-lock.json

Q & A

  1. Why package-lock.json?

    Lock dependency tree for repeated installations.

  2. What's the source of truth when it comes installing node_modules? package-lock.json or package.json or package.json + package-lock.json?

    package.json + package-lock.json

  3. What's the relationship between package.json and package-lock.json?

    package.json overrules package-lock.json when ^/~ was used in package.json.

  4. npm update [package] or npm install [package]?

  5. npm ci

  6. Which to choose when managing dependency versions in package.json? ^ or ~ or exact version? What's the context? (library vs plugin vs app)

Related:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment