npm 5 игнорирует блокировку пакета
Я пытаюсь обновить до npm 5 и заблокировать файлы.
Прямо сейчас у меня есть этот package.json:
{
"name": "typescript-test",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"build": "./node_modules/gulp/bin/gulp.js build",
"apidoc": "./node_modules/gulp/bin/gulp.js apidoc",
"watchApi": "BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js watchApi",
"watchMqtt": "./node_modules/gulp/bin/gulp.js watchMqtt",
"test-debug": "NODE_ENV=test ./node_modules/mocha/bin/mocha --no-timeouts --debug-brk release/js/api/test/e2e/**/*.js",
"test": "___BLUEBIRD_DEBUG=1 ./node_modules/gulp/bin/gulp.js test",
"migrate": "./node_modules/sequelize-cli/bin/sequelize db:migrate",
"migrate:undo": "./node_modules/sequelize-cli/bin/sequelize db:migrate:undo"
},
"author": "",
"license": "ISC",
"dependencies": {
"@types/bcrypt": "0.0.30",
"@types/bluebird": "^3.0.35",
"@types/body-parser": "0.0.33",
"@types/config": "0.0.30",
"@types/dateformat": "^1.0.1",
"@types/expect.js": "^0.3.29",
"@types/express": "^4.0.33",
"@types/lodash": "^4.14.37",
"@types/minimist": "^1.1.29",
"@types/mocha": "^2.2.32",
"@types/mongoose": "^4.7.11",
"@types/mqtt": "0.0.32",
"@types/mysql": "0.0.31",
"@types/node-schedule": "0.0.36",
"@types/nodemailer": "^1.3.32",
"@types/passport": "^0.2.32",
"@types/passport-http-bearer": "^1.0.30",
"@types/passport-local": "^1.0.29",
"@types/sequelize": "^4.0.38",
"@types/sequelize-fixtures": "^0.4.29",
"@types/should": "^8.1.30",
"@types/supertest": "^1.1.31",
"@types/supertest-as-promised": "^2.0.32",
"@types/winston": "0.0.28",
"ansi_up": "^1.3.0",
"bcrypt": "^0.8.7",
"bluebird": "^3.4.6",
"body-parser": "1.15.2",
"config": "^1.21.0",
"cron-parser": "^2.4.1",
"dateformat": "^2.0.0",
"expect.js": "^0.3.1",
"express": "^4.14.0",
"express-basic-auth": "^1.1.1",
"express-winston": "^2.0.0",
"gulp": "^3.9.1",
"gulp-clean": "^0.3.2",
"gulp-copy": "0.0.2",
"gulp-nodemon": "^2.2.1",
"gulp-relative-sourcemaps-source": "^0.1.4",
"gulp-sourcemaps": "^2.0.0",
"gulp-spawn-mocha": "^3.1.0",
"gulp-tslint": "^6.1.2",
"gulp-typescript": "^3.0.2",
"json-2-csv": "^2.1.0",
"lodash": "^4.16.4",
"merge2": "^1.0.2",
"minimist": "^1.2.0",
"mocha": "^3.1.2",
"mongoose": "^4.9.7",
"mongoose-fixtures": "0.0.1",
"mosca": "^2.0.2",
"mqtt": "^2.2.1",
"mysql": "^2.11.1",
"node-cron": "^1.2.0",
"node-schedule": "^1.2.0",
"nodemailer": "^2.6.4",
"passport": "^0.3.2",
"passport-http-bearer": "^1.0.1",
"passport-local": "^1.0.0",
"path": "^0.12.7",
"pm2": "^2.4.2",
"read-last-lines": "^1.1.0",
"regression": "^1.4.0",
"sequelize": "3.24.3",
"sequelize-cli": "2.4.0",
"sequelize-fixtures": "^0.5.5",
"should": "^11.1.1",
"supertest": "^2.0.1",
"supertest-as-promised": "^4.0.1",
"tslint": "^3.15.1",
"typescript": "2.3.4",
"typings": "^1.4.0",
"winston": "^2.2.0"
},
"devDependencies": {
"gulp-apidoc": "^0.2.6",
"gulp-debug": "^2.1.2"
}
}
и часть моего пакета-lock.json (то есть для express.js):
{
"name": "typescript-test",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"express": {
"version": "https://registry.npmjs.org/express/-/express-4.15.2.tgz",
"integrity": "sha1-rxB/wUhQRFfy3Kmm8lcdcSm5ezU=",
"requires": {
"accepts": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz",
"array-flatten": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
"content-disposition": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
"content-type": "https://registry.npmjs.org/content-type/-/content-type-1.0.2.tgz",
"cookie": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
"cookie-signature": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
"debug": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
"depd": "https://registry.npmjs.org/depd/-/depd-1.1.0.tgz",
"encodeurl": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.1.tgz",
"escape-html": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
"etag": "https://registry.npmjs.org/etag/-/etag-1.8.0.tgz",
"finalhandler": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.0.2.tgz",
"fresh": "https://registry.npmjs.org/fresh/-/fresh-0.5.0.tgz",
"merge-descriptors": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
"methods": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
"on-finished": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
"parseurl": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.1.tgz",
"path-to-regexp": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
"proxy-addr": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.1.4.tgz",
"qs": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
"range-parser": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
"send": "https://registry.npmjs.org/send/-/send-0.15.1.tgz",
"serve-static": "https://registry.npmjs.org/serve-static/-/serve-static-1.12.1.tgz",
"setprototypeof": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
"statuses": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
"type-is": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
"utils-merge": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz",
"vary": "https://registry.npmjs.org/vary/-/vary-1.1.1.tgz"
},
"dependencies": {
"debug": {
"version": "https://registry.npmjs.org/debug/-/debug-2.6.1.tgz",
"integrity": "sha1-eYVQkLosTjEVzH2HaUkdWPBJE1E=",
"requires": {
"ms": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz"
}
},
"ms": {
"version": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz",
"integrity": "sha1-riXPJRKziFodldfwN4aNhDESR2U="
},
"qs": {
"version": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
"integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
},
"setprototypeof": {
"version": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
"integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
}
}
}
}
}
Из пакета package-lock.json, экспресс должен быть установлен на 4.15.2.
Однако, если я сделаю
rm -rf node_modules
npm install
Экспресс установлен на 4.15.3 и пакет-lock.json перезаписан.
Это правильное поведение npm? Я неправильно использую пакетную блокировку?
0 ответов
Каждое изменение node_modules
папка, созданная npm, включая npm install
, отражается в package-lock.json
. Он регистрирует фактически установленные в настоящее время зависимости.
Если теперь вы хотите установить зависимости, заблокированные в вашем package-lock.json
, если вы, например, строите на сервере. Вы можете использоватьnpm ci
команда, чтобы установить зависимости.
Из документации: package-lock.json, npm-ci.