ngohuytrieu/package-vs-package-lock.md

Last active December 6, 2021 10:11

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ngohuytrieu/3177495e9c10b69388bfde9c1bdf2027.js"></script>
Save ngohuytrieu/3177495e9c10b69388bfde9c1bdf2027 to your computer and use it in GitHub Desktop.

Download ZIP

package.json vs package-lock.json

Raw

package-vs-package-lock.md

Different

package.json: list of module needs for project
package-lock.json: same idea but with lock specific version that already works when run npm i from package.json

Why do we need `package-lock.json`

Semantic Versioning (semver) has structure like: ^MAJOR.MINOR.PATCH
With ^ when run npm i it will install newest version of the same MAJOR. But with the newest MINOR or PATCH (install on new pc) could cause some issue or bug
The package-lock.json solves this by defining the MAJOR.MINOR.PATCH preciously that works.

Install

package.json: npm i
package-lock.json: npm ci

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment